Automated messages to the Telegram bot using curl or script
Hosting an AWS instance always comes with the risk of it being pwned. Even though fail2ban and SSH hardening will stop most attempts, being notified of every successful login helps to identify unexpected logins.
If you need a primer on Telegram bots, the bot ID and the auth token, see my other blog post on Telegram bots.
$ echo "session optional pam_exec.so /usr/local/bin/notify-on-ssh-login.sh" >> /etc/pam.d/sshd
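Edit the file /usr/local/bin/notify-on-ssh-login.sh (any location is fine for the script; this is my custom folder). pam_exec needs the script to be executable, and because it holds the bot token and is run by sshd, keep it owned by root and not readable or writable by other users.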
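#!/bin/bash
# Edit the two lines below to match your setup
TOKEN="<your-bot-id:your-auth-token>"
ID="<your-chat-id>"
URL="https://api.telegram.org/bot$TOKEN/sendMessage"

# pam_exec runs this script for every session event; only notify when a session opens
if [ "$PAM_TYPE" != "open_session" ]
then
    exit 0
else
    # --data-urlencode keeps newlines and special characters in the message intact;
    # --max-time stops a slow network from delaying the login
    curl -s --max-time 10 -X POST "$URL" -d chat_id="$ID" \
        --data-urlencode text="$(printf 'Host: %s\nUser: %s\nRemote host: %s' "$(hostname)" "$PAM_USER" "$PAM_RHOST")" > /dev/null 2>&1
    exit 0
fi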
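To check that the hook is installed once and that the token-bearing script is locked down, the following audit function can be run on the host. It is an added example, not part of the original post; the function name `audit_hook` and its arguments are assumptions, the default paths are the ones used above, and it relies on GNU `stat`.

```bash
#!/bin/bash
# Added example: audit the SSH login-notification hook described above.
# Arguments (all optional) let the check run against copies of the files.
# Prints one line per finding and returns the number of findings.
audit_hook() {
    local pam_file="${1:-/etc/pam.d/sshd}"
    local script="${2:-/usr/local/bin/notify-on-ssh-login.sh}"
    local want_uid="${3:-0}"      # expected owner of the script; 0 = root
    local findings=0 count mode

    # Count active (non-comment) pam_exec lines that reference the script.
    # Re-running the `echo ... >>` step appends a second line each time.
    count=$(grep -v '^[[:space:]]*#' "$pam_file" 2>/dev/null \
            | grep -F 'pam_exec.so' | grep -cF -- "$script" || true)
    if [ "$count" -eq 0 ]; then
        echo "pam: hook line missing from $pam_file"; findings=$((findings + 1))
    elif [ "$count" -gt 1 ]; then
        echo "pam: hook line present $count times (duplicate notifications)"
        findings=$((findings + 1))
    fi

    if [ ! -f "$script" ]; then
        echo "script: $script does not exist"
        return $((findings + 1))
    fi
    [ -x "$script" ] || { echo "script: not executable"; findings=$((findings + 1)); }

    # sshd runs the script on every login, so only the owner may modify it,
    # and the bot token inside must not be readable by every local user.
    if [ "$(stat -c '%u' "$script")" != "$want_uid" ]; then
        echo "script: owner is not uid $want_uid"; findings=$((findings + 1))
    fi
    mode=$(stat -c '%a' "$script")          # octal mode, e.g. 700
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "script: mode $mode is group/world-writable"; findings=$((findings + 1))
    fi
    if [ $(( 0$mode & 0004 )) -ne 0 ]; then
        echo "script: mode $mode exposes the token to all local users"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Calling `audit_hook` with no arguments as root checks the live files; a return status of 0 means no findings.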