Send a message to teams channel on Linux server SSH connexion
github.com
This is done via profile.d and can be circumvented by executing anything other than a login shell:
ssh host /bin/sh -i
Better would be enabling PAM via sshd_config and generating the message from there.
Or to actually get a login shell, but without loading the profile:
> ssh host -t "bash --noprofile"
See e.g. this for inspiration:
https://askubuntu.com/questions/179889/how-do-i-set-up-an-em...
There is also sshd ForceCommand that could be used here.
Original title: "Alert via Teams when user logon via SSH". Capitalization is important since it's actual Microsoft Teams.
If a company uses generic names like "apple" or "teams" for their brands, any confusion is on them. Maybe something more specific like "ms-teams" should be used.
I've copied a project that basically sends a message to Telegram with information when someone connects to a Linux server.
But this time it's for MS Teams channels, which is possible through Webhooks.
I thought that might be interesting for other people, so I'm sharing :) It can probably be adapted to any other webhooks, as soon as the webhook URLs accept the JSON sent.
I think, going off the auth log is better, or just logs in general. Build one script that matches regex patterns and sends alerts and you can monitor for a lot more than just logins.
This is what I use for my home lab running NixOS:
https://github.com/heywoodlh/nixos-configs/blob/d5b0ffbcc4cb...
This script is so nice because it's so simple: it follows the journalctl output of sshd.service and then sends a push notification to me through Gotify's CLI when journalctl's output matches what I set $grep_regex_pattern to (I just need to remember to set up gotify when I set up my server). The best part is that it's so easy to modify this script for ANY systemd service that is using journalctl.
I alert on all successful and failed attempts, because in my home lab, I should be the only one logging in -- so I don't really get notifications unless I'm working on something. It's helped me a few times when I've accidentally left port 22 exposed to the world on some VPS' -- reminding me to add firewall rules to reduce access.
EDIT: clarified that sshd-monitor sends alerts when matching regex pattern
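The log-matching approach from the two comments above, as an added example that is not part of the thread or of either linked project: it parses sshd authentication lines and builds the JSON body for a webhook. The sample lines are constructed, the function names are hypothetical, and the `{"text": ...}` body shape is an assumption about what the receiving webhook accepts.

```python
import json
import re

# Constructed sample lines in the syslog-style format that sshd writes to the
# auth log and that `journalctl -u sshd` prints. The fourth embeds a fake
# "from ... port ..." inside the client-supplied user name.
SAMPLE_LINES = [
    "Jan 10 12:00:01 web1 sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:EXAMPLE",
    "Jan 10 12:00:05 web1 sshd[1207]: Failed password for invalid user admin from 198.51.100.7 port 41000 ssh2",
    "Jan 10 12:00:09 web1 sshd[1207]: Failed password for root from 198.51.100.7 port 41002 ssh2",
    'Jan 10 12:00:11 web1 sshd[1207]: Failed password for invalid user eve" from 10.0.0.1 port 1 from 198.51.100.7 port 41004 ssh2',
    "Jan 10 12:00:12 web1 sshd[1201]: pam_unix(sshd:session): session opened for user alice(uid=1000) by (uid=0)",
]

# The user name is chosen by the remote client, so it is matched greedily and the
# address is taken from the LAST "from <ip> port <n>" on the line.
AUTH_RE = re.compile(
    r"^\S+\s+\d+ [\d:]+ (?P<host>\S+) sshd(?:-session)?\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>[0-9A-Fa-f:.]+) port (?P<port>\d+)(?: ssh2.*)?$"
)

def parse_sshd_line(line):
    """Return a dict for an sshd authentication result line, else None."""
    m = AUTH_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["invalid"] = event["invalid"] is not None
    event["port"] = int(event["port"])
    return event

def teams_payload(event):
    """Build the webhook body. json.dumps does the escaping, so quotes or
    backslashes in the user name cannot break out of the JSON string."""
    outcome = "succeeded" if event["result"] == "Accepted" else "FAILED"
    kind = "unknown user" if event["invalid"] else "user"
    text = (f"SSH login {outcome} on {event['host']}: {kind} {event['user']} "
            f"({event['method']}) from {event['ip']} port {event['port']}")
    return json.dumps({"text": text})  # assumed body shape: {"text": "..."}

def alerts_for(lines):
    """JSON bodies for every line that is an authentication result."""
    return [teams_payload(e) for e in map(parse_sshd_line, lines) if e]

if __name__ == "__main__":
    for body in alerts_for(SAMPLE_LINES):
        print(body)  # POST this with Content-Type: application/json
```

Because this reads what sshd itself logged, it still fires for sessions that never start a login shell or load the profile.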
May want to add a proxy config to pass proxy information to the curl command. I would expect that some of the more important servers to get alerted about are those NOT able to access the internet directly.
I'd personally base the alert on the syslog message as it comes in but YMMV
Cool idea, but I would have implemented this as a PAM-script rather than as a user profile script.
This, but for Matrix network! Man, the possibilities with an alerting system like this!
Forgive my lack of imagination, but what possibilities other than printing a message "User X has logged in on System Y"?
If this means never having to open the Teams client ever again then I’m very excited.
I understood just as incorrectly as you :), but finally got what it does from others' comments. Clearly some editorial work could be used to disambiguate the title...
Tell me you are French, by not telling me you are French ;) "connexion" :D
20 years ago this capability was bog-standard for any team communication protocol. We've lost so many good workflows in the 21st century.
We have logging and remote logging. If you don't check the logs, it isn't the fault of modernity.