123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computer-Programming >> View Article

Setup Ssh Login Notification With Ip Geolocation

Profile Picture
By Author: Camimi Morales
Total Articles: 18
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Server admins commonly use SSH to login to Linux servers. They will disable login via password due to the ease of brute force attacks these days. The recommended practice is to only allow login to the servers using private/public keys. It is also good to setup SSH notification with IP geolocation for better security. Admins will receive real-time notification whenever anyone logs in to the servers.

Getting an immediate notification when someone logs in is beneficial from a security viewpoint. It increases the chance that you can prevent an authorized party from doing real damage in your server. If you see a login for a suspicious region or ISP, you can take remedial action ASAP. A fast response to intrusion will give the bad actor no chance to steal your data.

Pre-requisites to setup SSH notification with IP geolocation
Our script will use the Web Service to query geolocation data using the user’s IP address. WS4 has data about Country, Region, City and ISP; more than enough for our notification example. That said, you can use a different package if you require more geolocation data.

To use the Web ...
... Service, you need an API key. If you don’t have one, kindly sign up one at https://www.ip2location.com/web-service/ip2location#123articleonline

In addition to the API key, you must also install
jq and wget in your Linux server. The wget package is required to call the Web Service while the jq package is required to parse JSON response from the web service.

SSH login notification script
To enable the SSH notification script to run upon login, the following code should be copied and pasted into your
~/.bashrc
file. Replace
IP2LOCATION_API_KEY
with the actual Web Service API key. If you want to enable Slack notification, then replace
SLACK_WEBHOOK_URL
with the actual URL. Otherwise, comment out the Slack specific lines of codes. Lastly, edit
NOTIFICATION_EMAIL
with the email address that will receive the notification.

API_KEY="IP2LOCATION_API_KEY"
SLACK_WEBHOOK="SLACK_WEBHOOK_URL"
EMAIL="NOTIFICATION_EMAIL"
IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
if [ ! -z "$IP" ]; then
RESULT="$(wget -q -O /dev/stdout 'https://api.ip2location.com/v2/?key='"$API_KEY"'&ip='"$IP"'&package=WS4')"
CITY="$(echo $RESULT | jq -r .city_name)"
REGION="$(echo $RESULT | jq -r .region_name)"
COUNTRY="$(echo $RESULT | jq -r .country_name)"
LOCATION="$(echo $CITY, $REGION, $COUNTRY | sed 's/^[, ]\+//g')"
ISP="$(echo $RESULT | jq -r .isp)"
HOSTNAME=$(hostname -f)
NOW=$(date +"%e %b %Y, %a %r (UTC %Z)")
# Slack notification
wget -q -O /dev/null --no-check-certificate --header 'Content-Type: application/json' --post-data '{"username":"'"$HOSTNAME"'", "icon_url":"https://i.imgur.com/X2W00e2.png", "channel":"#general", "attachments":[{"title":"SSH Notification", "color":"#FDAE02", "mrkdwn_in": ["text"], "text": "*IP Address*: '"$IP"'\n*Location:* '"$LOCATION"'\n*ISP:* '"$ISP"'\n*Date:* '"$NOW"'"}]}' $SLACK_WEBHOOK
# Email notification
echo "SSH login from $LOCATION ($IP)." | mail -s "SSH Login Notification" "$EMAIL"
fi

Conclusion
IP geolocation is useful to detect where your users are logging in from. If you see any locations that are in unexpected regions, you should be alert and perform a security audit of your system. Data breach is a very serious issue these days so it pays to be extra vigilant with your monitoring.

Total Views: 479Word Count: 471See All articles From Author

Add Comment

Computer Programming Articles

1. How To Use Linkedin Market Your Business?
Author: brainbell10

2. 5 Reasons To Choose Business Central
Author: Modern businesses need a connected ERP solution th

3. How To Create A Wordpress Lms Website For Your Employees?
Author: brainbell10

4. Why Every Business Should Conduct Security Awareness Assessments Regularly
Author: Sam Vohra

5. Why Invest In Professional E-commerce Website Development? | Complete Guide For Growing Businesses
Author: Rudram Technology Solutions

6. How To Use Motion Design To Make App Experience Interesting?
Author: brainbell10

7. How To Prototype A Mobile App?
Author: brainbell10

8. Sql Server Tutorial – Learn Database Management With Step-by-step Examples
Author: Tech Point

9. Sql Tutorial For Beginners: Learn Database Management And Sql Queries Step By Step
Author: Tech Point

10. Dynamics 365 Data Migration Best Practices: A Guide
Author: brainbell10

11. How Does The Fintech And Banking Sector Use Apis?
Author: brainbell10

12. Dynamics 365 Case Management Features
Author: brainbell10

13. Everything You Need To Know About Mhealth Apps
Author: brainbell10

14. E-scooter Mobile App Development Cost & Features
Author: brainbell10

15. Rockhard 500
Author: Mukesh Mehta

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: