RELEASED

SSH Alert Secure SSH Monitoring

Secure and reliable utility for monitoring SSH connections to a server with Telegram notifications, maximum user identification, and robust security measures.

View on GitHub 💻 Quick Start 🚀

ssh-alert@server:~$

$ sudo ./install.sh

🚀 Starting SSH Alert setup...

📊 SSH Alert configured and running!

$ sudo tail -f /var/log/ssh-alert.log

✅ SSH Alert monitoring active

$ _

Notification Preview

Real-time SSH connection alerts

🔐 SSH Login Alert

Host IP: 203.0.113.1 / 192.168.1.100

Host: server01.example.com

Person: alice@example.com

IP: 198.51.100.50

Type: Interactive shell

Key: SHA256:abcd1234...

Time: 2024-01-15 14:30:25 UTC

Instant Alerts

Real-time SSH connection monitoring with detailed user identification

Features

Enterprise-grade SSH security monitoring

🔍

Maximum User Identification

Identifies users by IP address, key fingerprint, key comment, and connection type

🔔

Flexible Notifications

Separate sound and silent messages for different connection types with Telegram integration

🛡️

Reliability & Security

Prevents duplicate notifications and includes retry logic for network failures

⚙️

Flexible Configuration

Easy configuration through config file with support for exclusions and rate limiting

📊

Rate Limiting

Prevents notification spam with configurable rate limiting per IP and key

📝

Detailed Logging

Comprehensive logging with optional JSON format for monitoring integration

Quick Start

Get SSH monitoring up and running in minutes

🚀

One-Command Setup

Automated installation and configuration

git clone https://github.com/B4DCATs/ssh-login-alert
cd ssh-login-alert && sudo ./install.sh

✅ SSH Alert installed and configured

⚙️

Manual Configuration

Custom setup with manual configuration

sudo nano /etc/ssh-alert/config.conf
sudo systemctl restart ssh-alert

✅ Configuration updated and service restarted

Complete SSH Security Setup

Configure Telegram bot and test notifications

# Configure Telegram bot token and chat ID
sudo nano /etc/ssh-alert/config.conf
sudo /opt/ssh-alert/ssh-alert-enhanced.sh

Logs: /var/log/ssh-alert.log

Config: /etc/ssh-alert/config.conf

Scripts: /opt/ssh-alert/

Configuration

Complete SSH Alert configuration reference

Basic Settings

TELEGRAM_BOT_TOKEN

Your Telegram bot token from @BotFather

TELEGRAM_CHAT_ID

Chat ID for receiving notifications

SERVER_NAME

Server identifier in notifications

Notification Settings

NOTIFY_INTERACTIVE_SESSIONS

Enable notifications for interactive shells

NOTIFY_TUNNELS

Enable notifications for SSH tunnels

RATE_LIMIT_PER_IP

Rate limit per IP address (seconds)

Example Configuration

Basic configuration:

TELEGRAM_BOT_TOKEN="your_bot_token_here"

Rate limiting:

RATE_LIMIT_PER_IP=300

Debug logging:

LOG_LEVEL="DEBUG"

Security Features

Production-ready security for enterprise environments

🔒

Minimal Dependencies

Works without SSH client modifications and uses minimal system resources

Requirements: Python 3.6+, curl, bash 4.0+

⚡

Rate Limiting

Prevents notification spam with configurable rate limiting per IP and key

🔍

Detailed Logging

Comprehensive logging with optional JSON format for monitoring integration

🚫

Key Exclusions

Exclude automated connections from notifications (CI/CD, monitoring)

📝

Retry Logic

Automatic retries on network or Telegram API failures for reliability

👤

Root Installation

Requires root privileges for SSH integration and system configuration