Telegram notification on successful ssh-authentication in Fedora

Running a Linux instance, you want to stay on top of things. One element is to ensure to get a notification if an adversary performs an unexpected operation. I use a telegram bots to get notifications about events in general. One type to f these events are successful ssh logins. In this article, I’m going to show you how to set up this yourself on a fedora system. You’ll need to have a bot already prepared.
(it’s super easy! Check out: https://core.telegram.org/bots#creating-a-new-bot)

First, create a shell script you want to execute on every login (I’ll store it at /opt/pamscript.sh):

#!/bin/bash
export CLIENT=$(id)
curl -s -X POST -H 'Content-Type: application/json' -d "{\"chat_id\": \"1234567\", \"text\": \"New Login: $CLIENT\", \"disable_notification\": false}" https://api.telegram.org/bot123456:<our-token>/sendMessage > /dev/null

Make sure your pamscript is executable (chmod +x /opt/pamscript.sh), then add open the file “/etc/pam.d/sshd “ and add the following line at the bottom:

session    optional     pam_exec.so /opt/pamscript.sh

Now, every time you log in to your server (with any user) you’ll get a notification sent to your phone: