1. Prepare the key
Prepare a key file that holds the WeCom (WeChat Work) bot key.
Step 1: Create the directory /etc/secrets
$ sudo mkdir -p /etc/secrets
Step 2: Write the key
$ sudo vim /etc/secrets/ssh-login-notify-wecom-bot-key
Write the Base64-encoded WeCom bot key into this file.
2. Notification script
This script sends the notification to the WeCom bot.
$ sudo vim /usr/libexec/ssh-login-notify.sh
With the following content:
#!/usr/bin/env bash
#
# Setup:
# 1. Write WeCom bot key as base64 encoded content in /etc/secrets/ssh-login-notify-wecom-bot-key
# 2. Write this script to /usr/libexec/ssh-login-notify.sh
# 3. Run command: sudo chmod +x /usr/libexec/ssh-login-notify.sh
# 4. Edit /etc/pam.d/sshd
#    # SSH LOGIN NOTIFY
#    session optional pam_exec.so /usr/libexec/ssh-login-notify.sh
set -e

do_notify() {
    # Decode the Base64-encoded bot key.
    wecom_bot_key="$(base64 -d < /etc/secrets/ssh-login-notify-wecom-bot-key)"
    # pam_exec exports these variables into the script's environment.
    pam_user="${PAM_USER:-""}"
    pam_rhost="${PAM_RHOST:-""}"
    pam_type="${PAM_TYPE:-""}"
    pam_service="${PAM_SERVICE:-""}"
    pam_tty="${PAM_TTY:-""}"
    event_date_time=$(TZ=Asia/Shanghai date '+%F %T')
    event_hostname=$(hostname)
    msg="[SSH Session Notify] type: ${pam_type}, pam_service: ${pam_service}, pam_tty: ${pam_tty}, user: $pam_user, from: $pam_rhost, host: $event_hostname, time: $event_date_time"
    # 1. Write to the local log
    echo "${msg}" >> /var/log/ssh-login.log
    # 2. Send the WeCom notification
    # Escape backslashes and double quotes so the message stays a valid JSON string.
    json_msg="${msg//\\/\\\\}"
    json_msg="${json_msg//\"/\\\"}"
    # pam_exec waits for this script, so bound the request time to keep a
    # slow or unreachable webhook from stalling the session.
    curl -sS --max-time 5 "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=${wecom_bot_key}" \
        -H 'Content-Type: application/json' \
        -d '{"msgtype": "text", "text": {"content": "'"${json_msg}"'"}}'
}

# A notification failure must never fail the PAM session.
do_notify >/dev/null 2>&1 || true
Make the script executable:
$ sudo chmod +x /usr/libexec/ssh-login-notify.sh
3. Edit /etc/pam.d/sshd
Modify the /etc/pam.d/sshd configuration file:
$ sudo vim /etc/pam.d/sshd
Add the following lines:
# SSH LOGIN NOTIFY
session optional pam_exec.so /usr/libexec/ssh-login-notify.sh
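
pam_exec runs the hook as root on every SSH session, and a key file created with sudo vim under the common umask 022 ends up mode 644, so ownership and permissions of the files from the steps above are worth verifying. The audit script below is an added example, not part of the original page; it assumes Linux with GNU stat, and the function names check_path and audit_ssh_notify are hypothetical.

```bash
#!/bin/sh
# Added example: audit the files created by the steps above.
# Assumes GNU coreutils `stat -c`; function names are hypothetical.

# check_path PATH MAX_MODE OWNER_UID
# Succeeds only if PATH exists, is owned by OWNER_UID, and has no
# permission bit set outside MAX_MODE (octal, e.g. 600).
check_path() {
    cp_path=$1; cp_max=$2; cp_uid=$3
    if [ ! -e "$cp_path" ]; then
        echo "MISSING $cp_path"; return 1
    fi
    cp_mode=$(stat -c '%a' "$cp_path")
    cp_owner=$(stat -c '%u' "$cp_path")
    if [ "$cp_owner" != "$cp_uid" ]; then
        echo "FAIL $cp_path: owner uid $cp_owner, expected $cp_uid"; return 1
    fi
    # The leading 0 makes the shell read both values as octal.
    if [ $(( 0$cp_mode & ~0$cp_max & 07777 )) -ne 0 ]; then
        echo "FAIL $cp_path: mode $cp_mode, expected at most $cp_max"; return 1
    fi
    echo "OK $cp_path ($cp_mode)"
}

# audit_ssh_notify: run every check; return non-zero if any of them fails.
audit_ssh_notify() {
    rc=0
    # Directory and hook: owned by root, not writable by group or others.
    check_path /etc/secrets 755 0 || rc=1
    check_path /usr/libexec/ssh-login-notify.sh 755 0 || rc=1
    # Webhook key: readable by root only.
    check_path /etc/secrets/ssh-login-notify-wecom-bot-key 600 0 || rc=1
    # The hook must actually be wired into the sshd PAM stack.
    if grep -Eq '^[[:space:]]*session[[:space:]]+optional[[:space:]]+pam_exec\.so[[:space:]]+/usr/libexec/ssh-login-notify\.sh' /etc/pam.d/sshd 2>/dev/null; then
        echo "OK /etc/pam.d/sshd references the hook"
    else
        echo "FAIL /etc/pam.d/sshd does not reference the hook"; rc=1
    fi
    return $rc
}

# Run the audit only when asked, e.g.: sudo sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_ssh_notify
fi
```

A FAIL on the key file is fixed with sudo chmod 600 and sudo chown root:root on that path.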