Email alert on SSH login
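Result: an email notification is sent every time someone logs in over SSH.
The email is sent directly with curl, so no extra packages need to be installed.
curl version:
1. Create the script that sends the email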
```sh
mkdir /home/scripts
vim /home/scripts/ssh_notification.sh
```
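The script can live anywhere.
This setup uses smtps with SSL on port 465. If you do not want SSL you can delete --ssl-reqd, but keeping it is recommended because the mailbox password is sent over this connection.
SMTP(S) ports are usually 465 or 587.
Change the following values to your own; everything else can stay as it is:
- email_from: the sender's mailbox. Use a mailbox dedicated to this job; otherwise anyone who gets onto the machine can see your mailbox and take over every account bound to it.
- email_from_password: the sender mailbox password.
- email_to: the recipient's mailbox. A QQ Mail address is recommended: with the QQ Mail client installed on an iPhone, incoming mail is pushed through Apple's APNs, so the alert arrives sooner.
- smtp_server: address of the SMTP server used to send the mail.
- smtp_port: SMTP port (465 or 587).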
```sh
#!/bin/sh
# Placeholders: replace these five values with your own.
email_from="sender@example.com"
email_from_password="password"
email_to="recipient@example.com"
smtp_server="mail.example.com"
smtp_port="465"

# Skip the notification when PAM reports a session close.
if [ "$PAM_TYPE" != "close_session" ]; then
    host="$(hostname)"
    user="${USER:-$PAM_USER}"
    # SSH_CLIENT is "client_ip client_port server_port"; keep only the IP.
    remote_host="${SSH_CLIENT%% *}"
    current_time=$(date +"%Y-%m-%d %H:%M:%S")
    subject="[$current_time] - $user logged in from $remote_host on $host"
    message="SSH Login Details:

Username: $user
Remote Host: $remote_host
Local Host: $host
Date/Time: $(date -R)

Environment Variables:
$(env)"

    # Build the message in a temporary file: headers, a blank line, then the body.
    tmpfile=$(mktemp)
    cat <<EOF > "$tmpfile"
From: SSH Login Alert! <$email_from>
To: $email_to
Subject: $subject
Date: $(date -R)

$message
EOF

    # Send over SMTPS; --ssl-reqd makes curl fail rather than send without TLS.
    curl --ssl-reqd \
        --url "smtps://$smtp_server:$smtp_port" \
        --mail-from "$email_from" \
        --mail-rcpt "$email_to" \
        --user "$email_from:$email_from_password" \
        --upload-file "$tmpfile" > /dev/null 2>&1

    rm "$tmpfile"
fi
```
2. Edit sshrc; if the file does not exist, create it (by default it usually does not)
```sh
vim /etc/ssh/sshrc
```
Add:
```sh
nohup bash /home/scripts/ssh_notification.sh > /dev/null 2>&1 &
```
Test (optional):
- Run the script once by hand and check whether the email arrives
```sh
chmod +x /home/scripts/ssh_notification.sh
bash /home/scripts/ssh_notification.sh
```
- Connect over SSH and check the recipient mailbox
3. To stop sending email on SSH login
Just delete the two files:
```sh
rm /etc/ssh/sshrc /home/scripts/ssh_notification.sh
```
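The script from step 1 mails the complete output of `env` and puts `$user` and `$remote_host` straight into the Subject header. The following is an added example, not part of the original page: a variant of the message-building step that mails only an allowlist of variables and strips control characters from every field. The allowlist contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build the alert mail from sanitised fields and an
# allowlist of environment variables instead of the full `env` dump.

# Assumed allowlist; extend it with whatever you want to see in the alert.
ALERT_ENV_ALLOWLIST="USER PAM_USER PAM_TYPE SSH_CLIENT SSH_CONNECTION SSH_TTY"

# Remove CR, LF and other control characters so a value cannot start a new
# header line or break the message layout.
clean_field() {
    printf '%s' "$1" | tr -d '[:cntrl:]'
}

# Print NAME=value for every allowlisted variable present in the environment.
allowed_env() {
    for name in $ALERT_ENV_ALLOWLIST; do
        if value=$(printenv "$name"); then
            printf '%s=%s\n' "$name" "$(clean_field "$value")"
        fi
    done
}

# build_alert FROM TO: write the complete message (headers, blank line, body).
build_alert() {
    from=$(clean_field "$1")
    to=$(clean_field "$2")
    user=$(clean_field "${USER:-$PAM_USER}")
    remote_host=$(clean_field "${SSH_CLIENT%% *}")
    host=$(clean_field "$(uname -n)")   # POSIX equivalent of `hostname`
    now=$(date -R)
    cat <<EOF
From: SSH Login Alert! <$from>
To: $to
Subject: $user logged in from ${remote_host:-unknown} on $host
Date: $now

SSH Login Details:
Username: $user
Remote Host: ${remote_host:-unknown}
Local Host: $host

Environment (allowlisted variables only):
$(allowed_env)
EOF
}
```

In `ssh_notification.sh`, `build_alert "$email_from" "$email_to" > "$tmpfile"` would take the place of the `cat <<EOF` block; the curl call stays the same.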
Python version:
The earlier steps are all the same; only the script changes:
```python
import os
import smtplib
import socket
from datetime import datetime
from email.mime.text import MIMEText
from email.utils import formatdate


def send_email(smtp_server, smtp_port, email_from, email_from_password, email_to, subject, message):
    msg = MIMEText(message)
    msg['From'] = f"SSH Login Alert! <{email_from}>"
    msg['To'] = email_to
    msg['Subject'] = subject
    # RFC 5322 date with the local UTC offset (strftime("%z") on a naive datetime is empty)
    msg['Date'] = formatdate(localtime=True)

    try:
        # Decide by port: 587 (STARTTLS) or 465 (SSL)
        if smtp_port == 587:
            with smtplib.SMTP(smtp_server, smtp_port) as server:
                server.starttls()  # enable TLS
                server.login(email_from, email_from_password)
                server.sendmail(email_from, email_to, msg.as_string())
        elif smtp_port == 465:
            with smtplib.SMTP_SSL(smtp_server, smtp_port) as server:
                server.login(email_from, email_from_password)
                server.sendmail(email_from, email_to, msg.as_string())
        else:
            # Unsupported port: report it and do not claim success
            print(f"不支持的SMTP端口:{smtp_port}")
            return
        print("邮件发送成功!")  # mail sent successfully
    except Exception as e:
        print(f"发送邮件时发生错误: {e}")  # error while sending mail


if __name__ == "__main__":
    # Placeholders: replace these five values with your own.
    email_from = "sender@example.com"
    email_from_password = "password"
    email_to = "recipient@example.com"
    smtp_server = "mail.example.com"
    smtp_port = 465  # may be 465 or 587

    # Check whether PAM_TYPE is "close_session"
    pam_type = os.environ.get("PAM_TYPE")
    if pam_type != "close_session":
        host = socket.gethostname()
        user = os.environ.get("USER", os.environ.get("PAM_USER"))
        # SSH_CLIENT is "client_ip client_port server_port"; keep only the IP
        ssh_client = os.environ.get("SSH_CLIENT", "").split()
        remote_host = ssh_client[0] if ssh_client else "unknown"
        current_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        subject = f"[{current_time}] - {user} logged in from {remote_host} on {host}"

        # Collect the environment variables
        env_vars = "\n".join([f"{key}={value}" for key, value in os.environ.items()])
        message = f"SSH Login Details:\n\nUsername: {user}\nRemote Host: {remote_host}\nLocal Host: {host}\nDate/Time: {datetime.now().strftime('%a, %d %b %Y %H:%M:%S')}\n\nEnvironment Variables:\n{env_vars}"

        # Send the email
        send_email(smtp_server, smtp_port, email_from, email_from_password, email_to, subject, message)
```