If you’re looking to get notified when someone logs into your Linux servers via SSH, Jack Wallen is here to show you how to set this up.
I do a lot of testing on open-source software, and sometimes, I need to be able to do things a bit differently. Case in point: Trying to send an email from a test server that’s not connected to a WAN-facing domain. That can get really tricky.
SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)
However, with Postfix and Gmail SMTP, it’s not impossible.
Your first question might be “Why would you need to do this?” As I said, I do a lot of testing, so I have several Linux servers on a LAN that need to be able to send out emails. One example of that is creating an email alert for when someone logs into a server via SSH. To make that work on a server within a LAN, you have to get kind of creative.
Let me show you how I accomplished this.
What you’ll need
I’m going to be demonstrating on my go-to server distribution of choice, Ubuntu Server. If you use a different flavor of Linux, you’ll only need to modify the installation commands.
And thus… we begin.
How to install the dependencies
The first thing to do is install the necessary dependencies. For that, log into your server and issue the command:
sudo apt-get install postfix mailutils -y
During the installation of postfix, you’ll be prompted to select a type of mail configuration (Figure A).
Figure A
Make sure to select Internet Site and then, in the next window (Figure B), add a fully qualified domain name (preferred) or your machine’s simple hostname.
Figure B
Don’t worry about the details because we’re going to manually add them.
How to configure Postfix
When the installation finishes, it’s time to configure Postfix manually. Before you do that, you’ll need to acquire a Gmail app password. This is done from the security section of your Google Account.
The first thing we’re going to do is create a password file with the command:
sudo nano /etc/postfix/sasl_passwd
In that file, add the following:
[smtp.gmail.com]:587 [email protected]:PASSWORD
Where USERNAME is your Gmail username and PASSWORD is the app password you just created.
Save and close the file and then give it permissions such that only the root user can view it with:
sudo chmod 600 /etc/postfix/sasl_passwd
Next, we open the Postfix main configuration file with:
sudo nano /etc/postfix/main.cf
In that file, locate the relayhost option and change the line to:
relayhost = [smtp.gmail.com]:587
Below that line, add the following:
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Save and close the file.
Next, we need to compile and hash the contents of the sasl_password file we created earlier with the command:
sudo postmap /etc/postfix/sasl_passwd
Finally, restart Postfix with:
sudo systemctl restart postfix
Enable Postfix to start at boot with:
sudo systemctl enable postfix
How to create an SSH login alert
Now that you have Gmail setup as a Postfix relay, it’s time to create our SSH login alert. This is quite simple. Issue the command:
sudo nano /etc/profile
At the bottom of that file, add the following:
if [ -n "$SSH_CLIENT" ]; then
TEXT="$(date): ssh login to ${USER}@$(hostname -f)"
TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')"
echo $TEXT|mail -s "ssh login" EMAIL
fi
Where EMAIL is the email address you want the alerts sent to.
Save and close the file.
Log out and log back into the system with SSH and you should eventually see an email alert to the destination email address of the login. The alert will not only tell you which username logged in, but it will also give you the IP address they logged in from.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.