I am looking for help with a Linux server (CentOS) guide or script that can be used to send an email to a server account when a new SFTP connection is detected. For example, giving the connection name and the requesting IP address as well as connection authentication type (if possible) (such as SSH Key or a Password, etc.).
I have next to no experience with Bash scripts; however, I have successfully made exactly this which detects SSH connections. However, I can't find out where to go to extend this to also notify the email address of SFTP connections to the server.
Many thanks for any help on this.
I do realise this is a pretty crappy question and I apologise, but search engine results are giving me lots of false results such as "how do I SFTP to my server?!" etc. which are clearly inappropriate.
Cheers
Update 1
So the /var/logs/secure collects the SFTP connection information. I would like to be able to grab that information somehow and throw it out in a basic email.
My current working SSH detector does this in .bashrc:
echo -e 'ALERT - SSH access detected:' `date` `ls -l \`tty\` | awk '{print $3}'` '\n\nConnection Details: ' `w -h` '\n\nList of WHO: ' `who --login` | mail -s "Alert: Server Access Email Subject" [email protected]
This is called/triggered by CSF (ConfigServerFirewall).
I would like somehow to combine the two above so that when an info line is added to /var/log/secure, such as with:
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO
then it will also be able to detect the line that starts:
Accepted publickey for ....
so that this line can then be thrown in an email out to the email address....
Update 2:
I may need to write my own Bash shim ....
Update 3:
Thanks to Piotr, my code for my shim is now:
#!/bin/bash
# Create a temporary log file
LOGFILE=$(/bin/mktemp /tmp/sftplog.XXXXXX)
# Redirect stderr to LOGFILE
exec 2>"$LOGFILE"
# Run the SFTP with logging to stderr
/usr/libexec/openssh/sftp-server -e -u 022 -l VERBOSE
# Use some sendmail substitute to send an e-mail
# (LOGNAME and SSH_CONNECTION are environment variables, so expand them with ${...}, not $(...))
/usr/sbin/sendmail -i root@localhost <<EOF
From: [email protected]
To: [email protected]
Subject: SFTP connection for user ${LOGNAME}

Hello,
User ${LOGNAME} just connected to the SFTP server from ${SSH_CONNECTION}.
Connection log:
$(<"$LOGFILE")
EOF
# echo -e "Hello,\nUser ${LOGNAME} just connected to the SFTP server from ${SSH_CONNECTION}.\n\nConnection log:\n$(<"$LOGFILE")" | mail -s "SFTP connection for user ${LOGNAME}" [email protected]
# Delete the log
rm -f "$LOGFILE"
I have run the sendmail instruction from the command line and this works correctly, however new SFTP connections are resulting in EOF while reading packet.
Update 4
Reducing the script to:
#!/bin/bash
# Create a temporary log file
# Run the SFTP with logging to stderr
/usr/libexec/openssh/sftp-server -e -u 022 -l INFO
exec >/dev/null
Still returns the EOF while reading packet issue when connecting.
Update 5:
Setting the file permissions to be identical to the permissions of the original subsystem file (/usr/libexec/openssh/sftp-server) resolves the issue and the script runs correctly.
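A log-based way to get the user, source IP and authentication type asked for in Update 1, as an added example that is not part of the original post. It assumes sshd writes the `Accepted ...` and `subsystem request for sftp by user ...` line formats shown in the constructed sample; the function name `sftp_alerts` is hypothetical.

```shell
#!/bin/bash
# Added example: pair sshd "Accepted ..." lines with later SFTP subsystem
# requests so each alert carries user, source IP and authentication method.

# Constructed sample in /var/log/secure layout (addresses are documentation ranges).
SAMPLE_LOG='Jan 10 12:00:01 web1 sshd[1234]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: RSA SHA256:CONSTRUCTED
Jan 10 12:00:02 web1 sshd[1236]: subsystem request for sftp by user alice
Jan 10 12:05:10 web1 sshd[1300]: Accepted password for bob from 198.51.100.7 port 40022 ssh2
Jan 10 12:06:00 web1 sshd[1311]: Failed password for carol from 192.0.2.9 port 40100 ssh2
Jan 10 12:07:30 web1 sshd[1320]: Accepted password for carol from 192.0.2.44 port 40101 ssh2
Jan 10 12:07:31 web1 sshd[1322]: subsystem request for sftp by user carol'

# Reads log lines on stdin, prints one line per SFTP session start.
sftp_alerts() {
  awk '
    # "<date> host sshd[PID]: Accepted METHOD for USER from IP port N ssh2"
    $5 ~ /^sshd\[/ && $6 == "Accepted" && $8 == "for" && $10 == "from" {
      method[$9] = $7; ip[$9] = $11; next
    }
    # "<date> host sshd[PID]: subsystem request for sftp by user USER"
    # The two lines can come from different sshd PIDs, so correlate on the user name.
    $5 ~ /^sshd\[/ && $6 == "subsystem" && $9 == "sftp" && $12 != "" {
      u = $12
      printf "%s %s %s sftp user=%s ip=%s auth=%s\n", $1, $2, $3, u,
             ((u in ip) ? ip[u] : "unknown"), ((u in method) ? method[u] : "unknown")
      fflush()   # keep alerts timely when fed from tail -F
    }
  '
}

# Live use (assumed recipient, not run here):
#   tail -Fn0 /var/log/secure | sftp_alerts | while IFS= read -r a; do
#     printf "%s\n" "$a" | mail -s "Alert: SFTP session" root@localhost; done

# Demonstration on the constructed sample: bob (shell only) produces no alert.
printf '%s\n' "$SAMPLE_LOG" | sftp_alerts
```

Correlation is by user name, so two overlapping logins by the same account from different addresses are reported with the most recent address.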
The nice thing about ssh subsystems is that you can replace the default implementation (internal-sftp as Martin remarked) with another implementation, e.g. a wrapper script around /usr/lib/openssh/sftp-server.
A small example: create a file /usr/local/bin/sftp-logger with content:
Then you just have to replace the default SFTP server with your script in /etc/ssh/sshd_config: