by philwonski  • January 7, 2023

Notify Admin on VPS Server SSH Logins

When running your own Linux server, one of the more basic security measures I recommend is notifying the admin on SSH logins. But how should we do this? I, for one, don’t let email anywhere near my servers… so I need to notify the admin without sending an email directly from the server.

Use the /etc/profile.d directory to run a command on vps login

Turns out, it’s super simple to make your linux vps run specified commands every time someone logs in. All you need to do is place a shell script into the /etc/profile.d directory.

cd
cd /etc/profile.d
touch notifyonlogin.sh
nano notifyonlogin.sh
# now the terminal will open the nano text editor,
# where you can edit your new bash file.

Use Curl in a BASH script to notify admin on vps logins via ssh

If you’re on the new side, don’t be intimidated by shell scripting. It’s just a list of commands that get executed in sequence. In our case, we just want to ping the outside world and say “hey, someone just logged in!”

Thanks to the handy http tool curl, we can do this with one simple command:

curl -s "https://YOURURL.COM?user=${USER}"

All that’s happening here is we are pinging a remote URL and passing the linux ${USER} as a parameter.

So now we have to set up a server to receive this, you ask?

Not really. My go-to for this sort of stuff is the killer message bus / api glue Pipedream. You can set up an endpoint to receive the vps login notification with just a few clicks.

1. Create a new workflow in Pipedream
Click New to start a new Pipedream workflow, in this case for catching HTTP requests from our VPS.

2. Select HTTP endpoint to create a new endpoint for receiving VPS login notifications
Pipedream has various ways to “trigger” a workflow, and the http/webhook request is the most versatile.

Once you select HTTP/Webhook and save, you will be greeted right away by your new custom endpoint url for catching http requests from your vps.

Pipedream http / webhook endpoint URL… a custom endpoint for you to interact with in just a few clicks.

Remember to hit “Deploy” in the top-right of the Pipedream editor once you reach this screen.

Now you can update your BASH script with your new endpoint. My final bash script looks like the following; all I did was save it in /etc/profile.d and name it notifyonlogin.sh.

#!/bin/bash
# onlogin curl pipedream

curl -s "https://abc123.m.pipedream.net?user=${USER}&server=phils_vps";

Note how I added a parameter with the name of the server. This is so I can send vps login notifications from various VPS servers to the same Pipedream endpoint.

3. Paste that url into your browser url bar to generate a test event

Now take your url just like above and paste it into your web browser. This will give you a test event to work off of for the rest of the setup.

Once the requests hit Pipedream, they’re super easy to use for your next step in the workflow. Want to get a text message? Pipedream has twilio and other sms integrations. Usually I do email and use AWS SES. But I’m gonna keep it simple here and use Pipedream’s built-in email tool (this can only email the Pipedream account owner, which is fine for me in this case).

Look how neat the requests are to handle in Pipedream:

Under “Query,” you can see how Pipedream helps you grab the info you need for your subsequent step(s).

In my case, with the email back to myself, I can go back to the Pipedream editor and do as follows:

4. Send email notification on vps ssh login

Back in the workflow editor, in the trigger section up top, select the most recent Event: the test you generated when you visited the URL in your browser.

Selecting the event so we can use the username and server name later.

Now click to create a new step by clicking the plus sign below the trigger box. Then select “email to self.”

Send Email to Self on vps login with a Pipedream workflow.

Now, in the step, we can just hover over and copy the query parameters from the trigger section and paste them into the email:

Here I can click “select path” to copy the path of my server name to the clipboard.

Here’s how it looks when I paste the server name and user name into my email step.

Here you can see how Pipedream helped us quickly use our curl parameters from the server in our email.

That’s it! You have successfully notified yourself on all ssh logins to your linux server!
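
A hardened variant of the notifyonlogin.sh script above, as an added example that is not the author's script: it only fires for SSH sessions, URL-encodes the parameters, reports the client IP, and cannot delay or clutter the login. The `from` parameter, the function names and the second argument of `notify_login` (a dry-run hook) are assumptions of this example; `https://YOURURL.COM` is the post's placeholder.

```bash
# /etc/profile.d/notifyonlogin.sh (added example, not the author's script).
# Files in profile.d are sourced by the login shell, so a shebang is not used
# and these function names are visible in the user's session.

NOTIFY_URL="https://YOURURL.COM"   # placeholder from the post; use your endpoint

# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
ssh_client_ip() {
    printf '%s' "${1%% *}"
}

# $1 = value of SSH_CONNECTION, $2 = HTTP client (defaults to curl; the
# override exists only so the request can be dry-run without network access).
notify_login() {
    [ -n "$1" ] || return 1          # console, su or cron shell: not an SSH login
    "${2:-curl}" -sS -G --max-time 5 -o /dev/null \
        --data-urlencode "user=${USER:-$(id -un)}" \
        --data-urlencode "server=$(uname -n)" \
        --data-urlencode "from=$(ssh_client_ip "$1")" \
        "$NOTIFY_URL"
}

# Run in a backgrounded subshell: a slow or unreachable endpoint cannot delay
# the login, and nothing (response body, errors, job messages) reaches the tty.
( notify_login "${SSH_CONNECTION:-}" >/dev/null 2>&1 & )
```

Scripts in /etc/profile.d are only sourced by login shells, so `ssh host command`, scp and sftp sessions do not trigger the notification. Treat it as a convenience alert alongside the sshd auth log, not as a complete record of access.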

