Hosting an AWS instance always comes with the risk of it being pwned. Even though fail2ban and SSH hardening will prevent this most of the time, being notified of every successful login still helps to identify unexpected logins.

If you need a primer on Telegram bots, bot IDs, and auth tokens, see my other blog post on Telegram bots.

$ echo "session    optional     pam_exec.so  /usr/local/bin/notify-on-ssh-login.sh" >> /etc/pam.d/sshd

Edit the file /usr/local/bin/notify-on-ssh-login.sh (any location will be fine for the script; this is my custom folder location):

#!/bin/bash

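# Edit the two lines below to match your setup
TOKEN="<your-bot-id:your-auth-token>"
ID="<your-chat-id>"

URL="https://api.telegram.org/bot$TOKEN/sendMessage"

# pam_exec calls this script for every session event; only notify when a session opens
if [ "$PAM_TYPE" != "open_session" ]
then
	exit 0
else
	# --data-urlencode keeps the newlines and any special characters intact;
	# --max-time stops a slow or unreachable network from delaying the login
	curl -s --max-time 10 -X POST "$URL" -d "chat_id=$ID" --data-urlencode "text=$(printf 'Host: %s\nUser: %s\nRemote host: %s' "$(hostname)" "$PAM_USER" "$PAM_RHOST")" > /dev/null 2>&1
	exit 0
fi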
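
The `>>` append above adds a duplicate line each time it is run, and the script holds the bot token while being executed from sshd's PAM stack. The following is an added example, not part of the original post, that installs the hook only once and only if the script's permissions are tight; the function names are hypothetical, and the optional third argument (expected owner uid, default root) is an assumption so it can be tried on a scratch copy.

```shell
#!/bin/bash
# Added example: repeatable, permission-checked install of the pam_exec hook.

# True if an uncommented pam_exec line in PAM file $1 already names script $2.
hook_present() {
	grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -F 'pam_exec.so' | grep -qF -- "$2"
}

# True if script $1 is executable, owned by uid $2 (default 0 = root) and has
# no group/other permission bits. The script contains the bot token and is run
# on every login, so nobody else should be able to read or modify it.
script_is_safe() {
	local script="$1" want_uid="${2:-0}" owner mode
	[ -f "$script" ] && [ -x "$script" ] || return 1
	owner=$(stat -c '%u' "$script") || return 1   # GNU stat, as found on Linux
	mode=$(stat -c '%a' "$script") || return 1    # octal mode, e.g. 700
	[ "$owner" -eq "$want_uid" ] || return 1
	[ $(( 0$mode & 077 )) -eq 0 ]
}

# Append the hook to PAM file $1 for script $2 unless it is already present.
# Returns 1 (and changes nothing) if the script fails the permission check.
install_hook() {
	script_is_safe "$2" "${3:-0}" || return 1
	hook_present "$1" "$2" && return 0
	printf 'session    optional     pam_exec.so  %s\n' "$2" >> "$1"
}

# Usage as root, with the paths from this post:
#   chmod 700 /usr/local/bin/notify-on-ssh-login.sh
#   install_hook /etc/pam.d/sshd /usr/local/bin/notify-on-ssh-login.sh
```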