
I'm trying to execute a bash file whenever there's a failed attempted login via SSH onto my Ubuntu server.

Can anyone suggest how to do this?


As an aside, I'm currently running a script on a successful logon using the /etc/pam.d/sshd file. I'd like to do the same for unsuccessful logons.

session optional pam_exec.so /usr/bin/my-script.sh

1 Answer


One option is fail2ban. It's designed to run as a daemon and watch the sshd logfile for login failures. While its normal function is to update an iptables config to ban the IP address that failed to log in (multiple times), you can configure it to do something else instead, such as invoke your custom script. (This is found in the manual linked above in the "Actions" section.)

  • Thanks for this. This seems a sensible route. I've installed fail2ban and have been looking at the action.d directory where I believe I need to put a call. Are you able to tell me where I'd put the call to a .sh file? Commented Mar 9, 2023 at 1:11
  • @StephenEllis I haven't customized fail2ban like this, I've only used it to block connections using its pre-configured settings. So I don't have a specific suggestion to make. Commented Mar 14, 2023 at 4:25
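
One way to wire a script into fail2ban as the answer suggests, shown as an added example that is not from the answer's author or the fail2ban project: a custom action file plus a jail override. The action name `run-script` and the timing values are assumptions; `/usr/bin/my-script.sh` is the path from the question.

```ini
# --- /etc/fail2ban/action.d/run-script.conf (hypothetical action name) ---
[Definition]
# Nothing to set up, check or tear down for this action.
actionstart =
actionstop =
actioncheck =
# Runs when the jail "bans" a host. <ip> and <failures> are fail2ban tags
# that are substituted at run time, so the script receives them as $1 and $2.
actionban = /usr/bin/my-script.sh <ip> <failures>
# Nothing to undo when the ban expires.
actionunban =

# --- /etc/fail2ban/jail.local ---
[sshd]
enabled = true
# Trigger on the first failed login rather than after several attempts.
maxretry = 1
# Window (seconds) in which failures are counted (constructed value).
findtime = 600
# Keep the ban short (constructed value): while a host is still marked as
# banned, further failures from it do not run actionban again.
bantime = 60
# Only the custom action is listed, so no firewall rule is added.
# To keep the default block as well, list both, one per line:
#   action = %(action_)s
#            run-script
action = run-script
```

After editing, `fail2ban-client reload` applies the change and `fail2ban-client status sshd` shows the jail's failure and ban counts. The address passed to the script originates from log lines written on behalf of a remote client, so the script should quote it and validate it before using it in any command.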
