2
1
I want to enable SSH on my Mac, but I want to be notified when someone tries to log in.
I'm running on a non-default port, so attempts should be rare.
I'm currently running a growl notification in .profile, but I'm not sure that is fool-proof, and I'd rather have email.
lgn=`who | grep "("`
if [ -n "$lgn" ]; then
growlnotify login -m $lgn
fi
Pepijn
Posted 2012-05-22T07:17:26.337
Reputation: 505
1
This answer is specific to Mountain Lion (10.8):
At a general level, instead of using the who command, you could have a daemon monitor /var/log/system.log.
Specifically, look for these kinds of messages:
Jan 22 01:06:26 hostname sshd[1787]: input_userauth_request: invalid user foo [preauth]
Jan 22 01:06:58 hostname sshd[1794]: error: PAM: authentication error for root from 1.2.3.4 via 5.6.7.8
I realize this is an old question, but I'm also looking for a more concrete (and perhaps ready-made) solution to this; were you (OP) able to find a satisfying answer?
As an aside, it might be more beneficial asking at AskDifferent.
orryowr
Posted 2012-05-22T07:17:26.337
Reputation: 297
0
Saying that attempts will be rare because you changed the port, means that most probably script kiddies will be "tricked" by this. Somebody will first use a program like NMap to scan your machine for open ports and afterwards try to connect to those.
Anyway, getting back to your question, you might want to first check these questions on Stack Overflow and Stack Exchange, which present interesting solution to your problem.
Silviu
Posted 2012-05-22T07:17:26.337
Reputation: 616