I wanted to receive alert when logged into my OpenWrt router via SSH and this what I did.
OpenWrt uses lightweight Dropbear as SSH server by default but it needs to be compiled with PAM support to add alerts. Instead I'm replacing Dropbear with OpenSSH server.
I followed the official Replacing Dropbear by openssh-server wiki except the following changes.
authorized_keys from /etc/dropbear to ~/.ssh/./etc/ssh/sshd_config:PremitRootLogin yes
PubkeyAuthentication yes
UsePAM yes
Installed mosquitto-client-nossl for sending alerts.
I created the login-notify script in /etc/ssh/ and made it executable.
#!/bin/sh
if [ "$PAM_TYPE" != "close_session" ]; then
message="{\"summary\":\"SSH Login\",\"body\":\"$PAM_USER from $PAM_RHOST on OpenWrt\"}"
mosquitto_pub -h 192.168.1.10 -m "$message" -t house/smartwatch
fi#!/bin/sh
if [ "$PAM_TYPE" != "close_session" ]; then
message="{\"summary\":\"SSH Login\",\"body\":\"$PAM_USER from $PAM_RHOST on OpenWrt\"}"
curl "http://[Gotify Server]/message?token=[token]" -F "title=Router Login" -F "message=$message" -F "priority=5"
fiIf you prefer email to MQTT or Gotify, Then you can use this script instead..
Added the following to /etc/pam.d/sshd to trigger the login-notify script during SSH login via Linux Pluggable Authentication Module.
session optional pam_exec.so seteuid /etc/ssh/login-notify
I added /etc/ssh/login-notify, /etc/ssh/sshd_config, /etc/pam.d/sshd under System -> Backup / Flash Firmware -> Configuration in LuCI to prevent it being removed during OpenWrt upgrades.
I have setup a smart clock to receive the MQTT message.

I receive the gotify message when anyone login into my router like this -

12-Dec-2024: Added script and screenshot for Gotify.
30-Nov-2021: Added more files to the whitelist as a precaution.