This script enhances the functionality of Alexander Henderson's original script for logging SSH sessions to Discord. The original script and blog post can be found here, and credit goes to Alexander Henderson (alexandzors).
This Bash script is designed to be added to `/sbin/` and made executable. It integrates with the SSH PAM (Pluggable Authentication Modules) stack to log SSH session events, such as login and logout, to a Discord channel through a webhook.
- Copy the Script:
  - Copy the script to `/sbin/` and make it executable:

    ```
    # Use the same path that the PAM configuration refers to
    sudo touch /sbin/sshd-discord-login.sh
    sudo chmod +x /sbin/sshd-discord-login.sh
    sudo chown root:root /sbin/sshd-discord-login.sh
    sudo nano /sbin/sshd-discord-login.sh
    ```
- Edit PAM Configuration:
  - Open `/etc/pam.d/sshd` in a text editor.
  - Add the following line to the bottom of the file:

    ```
    session optional pam_exec.so /sbin/sshd-discord-login.sh
    ```
- Set Permissions for Logging:
  - Ensure the log file has the correct permissions:

    ```
    sudo touch /var/log/seen_ips.log
    # Root-only read/write; a log file does not need the execute bit
    sudo chmod 600 /var/log/seen_ips.log
    sudo chown root:root /var/log/seen_ips.log
    ```
- Set Configuration Variables:
  - Edit the script and set the `WEBHOOK_URL`, `DISCORDUSER`, and `URGENT_ROLE` variables to appropriate values.
- Restart SSH Service:
  - Restart the SSH service for changes to take effect:

    ```
    sudo service sshd restart
    ```

Once installed, the script will send messages to the configured Discord channel when users log in or out via SSH. It differentiates between new and known remote hosts, providing additional context.
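
The flow described above, as an added sketch that is not the project's script or Alexander Henderson's original: a POSIX shell hook that reads the `PAM_TYPE`, `PAM_USER` and `PAM_RHOST` variables exported by `pam_exec`, classifies the remote host against the seen-hosts log, and builds the webhook body. The function names, the message format and the `SEEN_LOG` variable are assumptions; `WEBHOOK_URL` and the log path come from the installation steps.

```shell
#!/bin/sh
# Hypothetical sketch of a pam_exec session hook; not the project's script.
# pam_exec exports PAM_TYPE, PAM_USER and PAM_RHOST to the command it runs.
SEEN_LOG="${SEEN_LOG:-/var/log/seen_ips.log}"  # log path from the README
WEBHOOK_URL="${WEBHOOK_URL:-}"                 # a secret: anyone holding it can post

# classify_host HOST [LOGFILE]: print "known" if HOST is recorded,
# otherwise record it and print "new".
classify_host() {
  # -F fixed string, -x whole line: dots are not regex wildcards and
  # 10.0.0.1 does not match 10.0.0.10.
  if [ -f "${2:-$SEEN_LOG}" ] && grep -Fxq -e "$1" "${2:-$SEEN_LOG}"; then
    echo known
  else
    printf '%s\n' "$1" >> "${2:-$SEEN_LOG}"
    echo new
  fi
}

# Escape backslashes and double quotes so a value stays inside its JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# build_payload TYPE USER HOST STATUS: Discord webhook body for one event.
build_payload() {
  case "$1" in
    open_session)  action="logged in" ;;
    close_session) action="logged out" ;;
    *) return 1 ;;  # not a session event
  esac
  printf '{"content":"%s %s from %s (%s host)"}' \
    "$(json_escape "$2")" "$action" "$(json_escape "$3")" "$4"
}

# Act only when PAM invoked us and a webhook is configured.
if [ -n "${PAM_TYPE:-}" ] && [ -n "$WEBHOOK_URL" ]; then
  status="$(classify_host "${PAM_RHOST:-unknown}")"
  if body="$(build_payload "$PAM_TYPE" "$PAM_USER" "${PAM_RHOST:-unknown}" "$status")"; then
    curl -fsS --max-time 5 -H 'Content-Type: application/json' \
      -d "$body" "$WEBHOOK_URL" >/dev/null 2>&1
  fi
  exit 0  # a failed notification must not affect the login
fi
```

Because `pam_exec` runs the hook during session setup, the script and the file holding `WEBHOOK_URL` should stay root-owned and not writable by other users.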
- Original script by Alexander Henderson (alexandzors): LoggingSSHtoDiscord
This script is provided as-is without any warranty. Use it at your own risk, and ensure that you comply with your organization's policies and guidelines.