Track SSH Logins via Telegram

Track SSH Logins via Telegram
Page content

If you are a Dev-Ops Engineer, You and Your team may want to keep a track of who is logging in to which Servers/Virtual Machines.

In this article, We will learn how to create a Telegram Bot and write a shell script to send messages to Telegram messenger using the Curl command.

Then you will also use this shell script to send a notification to your Telegram Channel when a SSH login is detected.


Building a Telegram Bot

Bots are third-party applications that run inside Telegram. Users can interact with bots by sending them messages, commands and inline requests. You control your bots using HTTPS requests to our Bot API.

To send a message to Telegram group or channel, you should first create your own bot. Just open Telegram, find @BotFather and type /start. Then follow instructions to create bot and get token to access the HTTP API.

  • Search for @BotFather and click on “Start” or type “/start”
  • Type “/newbot” to start creating a new Bot
  • Name the bot. Example, in our case we are naming the bot as “test-ssh-bot”
  • You will get a HTTP Access Token (marked in red). Make a note of it, You will have to use it in the shell script.
  • Also, Tap on the link “ t.me/sample_test_ssh_bot” to message the bot. Send a test message to the bot.

Congratulations! Now at this point of time, You have a Bot ready.


Creating Telegram Chat Channel

Create a new Channel and name it as SSH Channel. Also add the bot we created in the last step to this channel as a subscriber.

After the Channel is created, Send a test message to the channel.


Get the required Details

Now that you have everything ready at Telegram’s side, Lets get the required details to write the Shell Script.

We need 2 things

  • Bot Token — We have already got it
  • Group Chat ID

Open the following link in any of the

https://api.telegram.org/bot<YourBOTToken>/getUpdates

You will see a json response, If you don’t see any data you should send a test chat message in the channel first. Highlighted in red is your Group Chat ID. Make a note of it, You will have to use it in the shell script.


Shell Script to send a Telegram message

To send a message we could use simple command like

curl https://api.telegram.org/bot<YourBOTToken>/sendMessage?chat_id=<group_chat_id>&text=<text_message>

Now, Lets build a Shell Script which can send a message on every SSH

Create file as /usr/local/bin/notify-on-ssh-login.shin the server which you want to monitor.

#!/bin/bash

TOKEN="<BOT_TOKEN>"
ID="<GROUP_CHAT_ID>"
URL="https://api.telegram.org/bot$TOKEN/sendMessage"

if [ "$PAM_TYPE" != "open_session" ]
then
  exit 0
else
  curl -s -X POST $URL -d chat_id=$ID -d text="$(echo -e "Host: `hostname`\nUser: $PAM_USER\nHost: $PAM_RHOST")" > /dev/null 2>&1
  exit 0
fi

Give executable permission to this file

chmod 777 /usr/local/bin/notify-on-ssh-login.sh

Open the file sshd (vi /etc/pam.d/sshd) and add the following line

session optional pam_exec.so /usr/local/bin/notify-on-ssh-login.sh

Results

Congratulations!, You are all done. Now when anyone with the SSH Access logs into the VM, You will get a message as below. Now you can add everyone in you Dev-Ops team to this Group.