Abishek Muthian


OpenWrt login alert

Posted at — Oct 5, 2021 by Abishek Muthian

I wanted to receive an alert whenever my OpenWrt router is logged into via SSH, and this is what I did.

Replace Dropbear with OpenSSH-server

OpenWrt uses the lightweight Dropbear as its SSH server by default, but it needs to be compiled with PAM support to add alerts. Instead, I'm replacing Dropbear with OpenSSH server.

I followed the official Replacing Dropbear by openssh-server wiki except for the following changes.

Install MQTT client

Installed mosquitto-client-nossl for sending alerts.

Create login-notify

I created the login-notify script in /etc/ssh/ and made it executable.

MQTT

#!/bin/sh

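# pam_exec sets PAM_TYPE, PAM_USER and PAM_RHOST; skip the logout event.
if [ "$PAM_TYPE" != "close_session" ]; then
    message="{\"summary\":\"SSH Login\",\"body\":\"$PAM_USER from $PAM_RHOST on OpenWrt\"}"
    # Publish the alert to the MQTT broker.
    mosquitto_pub -h 192.168.1.10 -m "$message" -t house/smartwatch
fi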

Gotify

#!/bin/sh

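# pam_exec sets PAM_TYPE, PAM_USER and PAM_RHOST; skip the logout event.
if [ "$PAM_TYPE" != "close_session" ]; then
    message="{\"summary\":\"SSH Login\",\"body\":\"$PAM_USER from $PAM_RHOST on OpenWrt\"}"
    # Replace [Gotify Server] and [token] with your server address and application token.
    curl "http://[Gotify Server]/message?token=[token]" -F "title=Router Login" -F "message=$message" -F "priority=5"
fi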

If you prefer email to MQTT or Gotify, then you can use this script instead.

Triggering login-notify on SSH login

Added the following to /etc/pam.d/sshd to trigger the login-notify script during SSH login via Linux Pluggable Authentication Modules (PAM).

session optional pam_exec.so seteuid /etc/ssh/login-notify
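
A variant of the MQTT login-notify script above, shown as an added example that is not the author's code: it escapes PAM_USER and PAM_RHOST before placing them in the JSON payload, so a quote, backslash or control character in either value cannot produce malformed JSON, and it reacts only to open_session. The helper names json_escape and build_message and the syslog fallback via logger are assumptions of this example; the broker address and topic are the ones used in the post.

```shell
#!/bin/sh
# Added example: hardened variant of /etc/ssh/login-notify (MQTT flavour).
# json_escape and build_message are hypothetical helper names.

BROKER="192.168.1.10"        # broker address from the post
TOPIC="house/smartwatch"     # topic from the post

# Drop ASCII control characters, then escape backslashes and double quotes
# so the value is safe inside a JSON string literal.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the same payload shape the original script sends.
build_message() {
    user=$(json_escape "$1")
    rhost=$(json_escape "$2")
    printf '{"summary":"SSH Login","body":"%s from %s on OpenWrt"}' "$user" "$rhost"
}

# pam_exec exports PAM_TYPE; act only when a session is opened.
case "${PAM_TYPE:-}" in
    open_session)
        message=$(build_message "${PAM_USER:-unknown}" "${PAM_RHOST:-unknown}")
        # If the broker is unreachable, keep a record in syslog instead.
        mosquitto_pub -h "$BROKER" -t "$TOPIC" -m "$message" ||
            logger -t login-notify "publish failed: $message"
        ;;
esac
```
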

Whitelist login-notify to survive upgrades

I added /etc/ssh/login-notify, /etc/ssh/sshd_config, /etc/pam.d/sshd under System -> Backup / Flash Firmware -> Configuration in LuCI to prevent them from being removed during OpenWrt upgrades.

Receiving the MQTT Message

I have set up a smart clock to receive the MQTT message.

Smart Clock with AsteroidOS
Smart clock on the desk for those high severity notifications

Receiving the Gotify Message

I receive the Gotify message when anyone logs into my router, like this:

Gotify notification on Android
Gotify notification when anyone logs into my router

Change log

12-Dec-2024: Added script and screenshot for Gotify.

30-Nov-2021: Added more files to the whitelist as a precaution.
