When you expose your SSH server to the open internet, you should secure it as well as possible. This article explains how to get notified via Telegram messenger for every SSH login on your server. That means if you receive a notification without actually logging into your server: you got compromised! Now you can take immediate action against the attacker.
You have to create a bot which is allowed to send messages to you.
Search for the contact BotFather (make sure to select the correct one), type the command /newbot and follow the instructions on screen.
At the end you should get a token. Write that token down now!
Now you have to contact the new bot with the Telegram account with which you want to receive the SSH login notification messages.
Search for your bot's name and press Start at the bottom of the screen. Additionally, write it a message with whatever content you want.
Enter the following URL into your browser, curl or anything else:
https://api.telegram.org/bot<YOUR-BOT-TOKEN>/getUpdates
The URL should look something like this:
https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/getUpdates
Note that your token comes right after the word bot without anything in between.
You should see a response something like this:
{
  "ok":true,
  "result":[
    {
      "update_id":549512,
      "message":{
        "message_id":2,
        "from":{
          "id":264859,
          "is_bot":false,
          "first_name":"Peter Panda",
          "username":"peter_panda",
          "language_code":"de"
        },
        "chat":{
          "id":264859,
          "first_name":"Peter Panda",
          "username":"peter_panda",
          "type":"private"
        },
        "date":1621276807,
        "text":"Hi"
      }
    }
  ]
}
In line 22 you see the text "Hi" that I sent to the bot, as shown in the screenshot above.
Write down your Chat ID from line 16: 264859
Warning: Do not make this Chat ID public! Otherwise you might get spammed by bots. Bots are supposed to be able to message you back only, as they should only know your Chat ID when you texted them first.
Note: This is not my real Telegram name/ID.
Now you have all the information you need to send messages to yourself with the bot:
You can send a message using the following URL:
https://api.telegram.org/bot<YOUR-BOT-TOKEN>/sendMessage?chat_id=<YOUR-CHAT-ID>&text=<YOUR-MESSAGE>
or you can use the following bash script; make sure to enter at least your token and your chat ID:
#! /bin/bash
# Bot token from BotFather and your chat ID from the getUpdates response
BOT_TOKEN="123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"
CHAT_ID="264859"
MESSAGE="Hello World!"
# -o /dev/null discards wget's log, -O /dev/null discards the API response
wget -o /dev/null -O /dev/null "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage?chat_id=${CHAT_ID}&text=${MESSAGE}"
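Create the following script as /etc/ssh/sshrc or insert the content at the beginning if the file exists:
#! /bin/bash
# Bot token from BotFather and your chat ID from the getUpdates response
BOT_TOKEN="123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"
CHAT_ID="123456"
# SSH_CONNECTION holds "client_ip client_port server_ip server_port"; keep the client IP
IP=$(echo "$SSH_CONNECTION" | cut -d " " -f 1)
# Record the login in syslog as well
logger -t ssh-wrapper "$USER login from $IP"
MESSAGE="[SSH] user $USER logged in from $IP"
# -o /dev/null discards wget's log, -O /dev/null discards the API response
wget -o /dev/null -O /dev/null "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage?chat_id=${CHAT_ID}&text=${MESSAGE}"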
Make sure the file is executable:
chmod +x /etc/ssh/sshrc
Now you get a Telegram message when you log in via SSH. And even better: You receive a message when someone else is logging into your server!
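A hardened variant of the sshrc script above, added here as an example and not the author's code: it is written for POSIX sh because sshd runs /etc/ssh/sshrc through /bin/sh, percent-encodes the message, sends it as a POST body, and runs wget in the background with a timeout so an unreachable API cannot delay the login. The function names, the hostname in the message and the placeholder token and chat ID are assumptions.

```sh
#!/bin/sh
# Added example (not the article's script); function names are hypothetical.
BOT_TOKEN="<YOUR-BOT-TOKEN>"   # placeholder
CHAT_ID="<YOUR-CHAT-ID>"       # placeholder

# Percent-encode all but RFC 3986 unreserved characters (ASCII input), so
# spaces, '&', '#' or '[' in the text cannot alter the request parameters.
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}        # string without its first character
        c=${s%"$rest"}     # the first character
        case $c in
            [a-zA-Z0-9.~_-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# SSH_CONNECTION is "client_ip client_port server_ip server_port".
login_message() (
    user=$1; host=$3
    set -f; set -- $2      # split the fields without filename globbing
    printf '[SSH] user %s logged in on %s from %s port %s' \
        "$user" "$host" "${1:-unknown}" "${2:-?}"
)

# Form-encoded POST body for the sendMessage method.
post_body() {
    printf 'chat_id=%s&text=%s' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Send in the background with a timeout and a single try, so an unreachable
# API never delays or blocks the login itself.
notify() {
    wget -q -O /dev/null --timeout=5 --tries=1 \
        --post-data="$(post_body "$CHAT_ID" "$1")" \
        "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" >/dev/null 2>&1 &
}

# Only act inside a real SSH session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    logger -t ssh-wrapper "$USER login from ${SSH_CONNECTION%% *}"
    notify "$(login_message "$USER" "$SSH_CONNECTION" "$(hostname)")"
fi
```

sshd runs sshrc as the user who logs in, so the file and the bot token in it must be readable by every account on the server. sshd also prefers a user's own ~/.ssh/rc over /etc/ssh/sshrc, so set PermitUserRC no in sshd_config if every login should reach this script.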