If you’re using self-hosted servers, you might have run into this (or similar) blog which covers most of the things you need to do on your first login to the server.
Over the past weeks, I’ve failed to set up mail alerts on ssh login, sudo, and other events due to the various cloud providers blocking the
SMTP ports for security reasons and making it difficult to set up a Mail Transfer Agent (MTA) quickly.
Slack alerts seemed to be the next logical step, and it takes considerably less time to set up. We’ll be leveraging Unix systems’ Pluggable Authentication Module (PAM) – which can be configured under /etc/pam.d – to set up Slack alerts on ssh login and logout events.
The following steps shall guide you to easily set up the same and maybe adapt the process to other services like Discord, Telegram, or what have you.
Getting Started section on Slack’s webhook documentation for creating an app and tying it to a
#channel under your desired workspace. This should land you with a
POST request with the details (
HOSTNAME) on either
close_session (logout) event as payload to the
You can name the script anything you want and place it anywhere; for this example, I’ve placed it in
Make the script executable.
pam_exec.so helps us trigger the scripts based on various authentication events. We’ll add the path to our script under
/etc/pam.d/sshd which will trigger our script on any ssh authentication-related events.
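
A sketch of such a hook, as an added example rather than the script from this post: it reads the `PAM_TYPE`, `PAM_USER` and `PAM_RHOST` variables that pam_exec exports, JSON-escapes them, and posts to the webhook with a timeout so a Slack outage cannot stall logins. The webhook file `/etc/ssh-slack-webhook` and the script path in the PAM line are assumptions.

```shell
#!/bin/sh
# Added example: pam_exec hook that posts SSH session events to a Slack webhook.
# Hypothetical PAM line for /etc/pam.d/sshd (script path is an assumption):
#   session optional pam_exec.so /usr/local/sbin/ssh-slack-alert.sh
# "optional" keeps a failing hook from blocking logins.

# Assumed location of the webhook URL; keep it root-owned, mode 0600,
# so local users cannot read it and post to the channel themselves.
WEBHOOK_FILE="${WEBHOOK_FILE:-/etc/ssh-slack-webhook}"

# Drop control characters and escape backslashes and double quotes so
# PAM-supplied values cannot break out of the JSON string.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Map the PAM_TYPE set by pam_exec to a label; other types get no alert.
event_label() {
    case "$1" in
        open_session)  echo "login" ;;
        close_session) echo "logout" ;;
        *) return 1 ;;
    esac
}

# build_payload TYPE USER RHOST HOST -> Slack JSON body on stdout
build_payload() {
    label=$(event_label "$1") || return 1
    printf '{"text":"SSH %s: user=%s from=%s host=%s"}' "$label" \
        "$(json_escape "$2")" "$(json_escape "$3")" "$(json_escape "$4")"
}

send_alert() {
    url=$(cat "$WEBHOOK_FILE" 2>/dev/null) || return 0
    body=$(build_payload "$PAM_TYPE" "$PAM_USER" "${PAM_RHOST:-local}" "$(hostname)") || return 0
    # Short timeout: never hold up the session waiting on Slack.
    curl -fsS -m 5 -X POST -H 'Content-Type: application/json' \
        --data "$body" "$url" >/dev/null 2>&1 || true
}

# pam_exec exports PAM_TYPE; run only when invoked by PAM.
if [ -n "${PAM_TYPE:-}" ]; then
    send_alert
    exit 0
fi
```
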