Here’s a quick tip of the day that I came across when I needed a way to get a notification on my mobile device when particular users log into a server. Turns out that the Linux PAM (Pluggable Authentication Modules) offers a convenient way to do this:
All that is required is an extra line in the following file:
/etc/pam.d/sshd
# Add the following line to the file:
session optional pam_exec.so seteuid /PATH/notify-login.sh
Once the script is in place, the ‘notify-login.sh’ script (don’t forget to make it executable) is called whenever a user logs in via ssh. And to only get notified for particular users, here’s my quick and dirty bash code for this:
#!/bin/bash
# An array of the username for which to notify
user=(\
"user-x" \
"user-y" \
)
if [ "$PAM_TYPE" != "close_session" ]; then
for item in ${user[@]}; do
if [ "$PAM_USER" = "${item}" ]; then
INSERT_CODE_FOR_NOTIFICATION_HERE
fi
done
fiThe array is of course only necessary if notifications should go out for more than one username. And for sending out a push notification, I recommend Gotify!