"Intelligent" Telegram SSH Login notifier on Linux using PAM

login-notify.sh

#!/bin/bash

YOUR_ISP="<YOUR ISP>"
YOUR_CITY="<YOUR CITY>"

if [ ! ${PAM_TYPE} = "open_session" ]; then
        exit 0
fi

# prepare any message you want
login_ip="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
login_ip_data=$(curl -s "https://ipapi.co/${login_ip}/json/")
login_ip_city=$(echo -e $login_ip_data | jq -r ".city")
login_ip_org=$(echo -e $login_ip_data | jq -r ".org")
silent="FALSE"
if [ "${login_ip_city}" == "${YOUR_CITY}" ] && [ "${login_ip_org}" == "${YOUR_ISP}" ]; then
        silent="TRUE"
fi
login_date="$(date +"%e %b %Y, %a %r")"
login_name="${PAM_USER}"
login_hostname="$(hostname)"

login_ip_country_name=$(echo -e $login_ip_data | jq -r ".country_name")
login_ip_asn=$(echo -e $login_ip_data | jq -r ".asn")

read -r -d '' message << EOM
<b>${login_hostname}</b> ($login_name)
IP: <b><a href="https://ipapi.co/${login_ip}">${login_ip}</a></b>
City: ${login_ip_city} (${login_ip_country_name})
Organization: ${login_ip_org} (${login_ip_asn})
EOM

#send it to telegram
telegram-send $silent "$message"

telegram-send

# file located at /usr/bin/telegram-send.sh
#!/bin/bash

GROUP_ID=<TELEGRAM GROUP ID>
BOT_TOKEN=<TELEGRAM BOT TOKEN>

# this 3 checks (if) are not necessary but should be convenient
if [ "$1" == "-h" ]; then
  echo "Usage: `basename $0` \"text message\""
  exit 0
fi

silent="false"
if [ "$1" == "TRUE" ]; then
        silent="true"
fi

if [ -z "$2" ]
  then
    echo "Add message text as second arguments"
    exit 0
fi

if [ "$#" -ne 2 ]; then
    echo "You can pass only two arguments. For string with spaces put it on quotes"
    exit 0
fi

curl -s --data-urlencode "text=$2" --data "chat_id=$GROUP_ID" --data "parse_mode=HTML" --data "disable_notification=$silent" 'https://api.telegram.org/bot'$BOT_TOKEN'/sendMessage' > /dev/null

Telegram_SSH_Login_notifier.md

"Intelligent" Telegram SSH Login notifier on Linux using PAM

This login notifier uses IP information to send silent telegram notifications if the login source seem to be trustable.

Telegram Bot setup

First, please read this awesome Medium tutorial on how to setup the Telegram bot.

Telegram Linux setup

In order to send Telegram messages, you have to copy and paste the telegram-send file to /usr/bin/telegram-send and run chmod +x /usr/bin/telegram-send in order to make the script executable. Make sure to replace the placeholders with your custom values

After that, you can already send messages to your Telegram channel by typing telegram-send FALSE This is a Telegram test. This first argument specifies whether the message should be silent or not.

Script setup

After setting up the Telegram script you may now create the notify script itself by copy and pasting the login-notify.sh file to /etc/pam_scripts/login-notify.sh and run chmod +x /etc/pam_scripts/login-notify.sh in order to make this script executable, too. Make sure to replace the placeholders with your custom values

Install JSON parser jq

If not installed, you have to install the JSON parser jq. When using a Debian/Ubuntu system, the package can be installed by running:

sudo apt install jq

PAM Notification setup

Finally you have to set up the PAM part by adding the following line to your /etc/pam.d/sshd file:

# Login Telegram Notification
session optional pam_exec.so /etc/pam_scripts/login-notify.sh

After you did that, you should be good to go and be notified when you login onto your Linux machine using ssh.

Credits

Base articles this tutorial is based on:

• https://bogkonstantin.medium.com/send-messages-to-telegram-on-ssh-login-to-server-90622b170dc7
• https://www.vpsinfo.com/post/email-alert-ssh-login/ IP Information API: https://ipapi.co/