A beautiful CLI tool for monitoring SSH logins on remote servers with instant Telegram notifications. Built with Go and featuring a modern terminal UI.
- 🖥️ Multi-server management — Add, edit, and remove servers from a single CLI
- 🚀 One-click agent deployment — Deploy PAM-based monitoring agents via SSH
- 📱 Instant Telegram alerts — Get notified immediately when someone logs in
- 🔒 Secure credential storage — AES-256-GCM encryption for all passwords
- 🎨 Modern terminal UI — Beautiful interface with responsive design
- ⚡ Real-time status monitoring — Check agent status and view logs
- 🔄 Auto-installation — Automated linter setup for development
- Go 1.22 or higher
- SQLite3
- SSH access to target servers (with sudo privileges)
- A Telegram bot token (get one from @BotFather)
# Clone the repository
git clone https://github.com/DementevVV/sshwatch.git
cd sshwatch
# Install dependencies
make deps
# Build the binary
make build
# Or build and run
make rungo build -o sshwatch ./cmd/sshwatch
./sshwatch- Configure Telegram — Press
sto open settings and enter your bot token and chat ID - Add a server — Press
ato add your first server - Deploy the agent — Select the server and press
Enter, then pressdto deploy - Enable monitoring — Press
eto enable the agent
That's it! You'll now receive Telegram notifications for all SSH logins.
| Key | Action |
|---|---|
a |
Add new server |
e |
Edit selected server |
d |
Delete selected server |
l |
View activity logs |
s |
Open Telegram settings |
Enter |
Open server menu |
/ |
Search/filter servers |
↑/↓ |
Navigate server list |
q |
Quit application |
| Key | Action |
|---|---|
d |
Deploy agent to server |
r |
Remove agent from server |
e |
Enable agent (start monitoring) |
x |
Disable agent (stop monitoring) |
s |
Check agent status |
l |
View server logs |
Esc |
Go back to main screen |
When someone logs in via SSH, you'll receive a message like this:
🔓 SSH Login
Server: production-web-01
User: root
Source IP: 192.168.1.100
Time: 2026-02-02 15:30:45 UTC
Hostname: client-machine.local
Status: ✅ Connected
- Encrypted passwords — All server passwords are encrypted with AES-256-GCM
- Local database — Credentials never leave your machine
- PAM integration — Uses the standard Linux authentication framework
- No root required locally — Only the remote agent needs elevated privileges
- Secure SSH connections — Standard SSH protocol for all communications
make build # Build the application
make build-all # Build for all platforms (Linux, macOS, Windows)
make run # Build and run the application
make deps # Install/update dependencies
make test # Run tests
make clean # Remove build artifacts
make install # Install to /usr/local/bin
make uninstall # Remove from /usr/local/bin
make dev # Run with hot reload (requires air)
make fmt # Format code
make lint # Run linter (auto-installs if needed)
make help # Show all available commandsThe project uses golangci-lint for code quality checks. The linter is automatically installed when you run:
make lintsshwatch/
├── cmd/
│ └── sshwatch/
│ └── main.go # Application entry point
├── internal/
│ ├── db/ # SQLite database layer
│ │ ├── database.go # Database connection
│ │ ├── models.go # Data models
│ │ └── migrations.go # Schema migrations
│ ├── ssh/ # SSH operations
│ │ ├── client.go # SSH client wrapper
│ │ ├── deploy.go # Agent deployment
│ │ └── control.go # Agent control commands
│ ├── telegram/ # Telegram integration
│ │ └── bot.go # Bot API wrapper
│ ├── crypto/ # Encryption utilities
│ │ └── encryption.go # AES-256-GCM encryption
│ └── ui/ # Terminal UI (Bubble Tea)
│ ├── app.go # Main application model & Update
│ ├── views.go # View rendering functions
│ ├── handlers.go # Form & menu handlers
│ ├── actions.go # SSH action commands
│ ├── list.go # Server list component
│ ├── form.go # Server input forms (huh)
│ ├── settings.go # Settings form (huh)
│ └── styles.go # UI styling & themes
├── assets/
│ └── agent/ # Remote agent scripts
│ ├── monitor.sh # PAM script for monitoring
│ ├── ssh-monitor.service # Systemd service file
│ ├── pam-sshd.conf # PAM configuration
│ └── config.conf # Agent configuration template
├── bin/ # Build output directory
├── Makefile # Build automation
└── go.mod # Go dependencies
- Agent Deployment — The CLI uploads monitoring scripts to the remote server via SSH
- PAM Integration — The agent integrates with Linux PAM (Pluggable Authentication Modules)
- Event Capture — When a user logs in, PAM triggers the monitoring script
- Telegram Notification — The script sends login details to your Telegram chat via Bot API
- Systemd Management — The agent is managed as a systemd service for reliability
- Ensure you have sudo privileges on the remote server
- Check that SSH connection is working:
ssh user@server - Verify the server has
systemdinstalled
- Test Telegram configuration with the "Test" button in settings
- Check agent status on the server:
systemctl status ssh-monitor - View agent logs: Select server → Press
l
- The database file is created automatically in the current directory
- To reset:
rm sshwatch.dband restart the application
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Clone your fork:
git clone https://github.com/YOUR_USERNAME/sshwatch.git - Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes and commit:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
Please ensure your code:
- Passes all tests:
make test - Passes linting:
make lint - Is properly formatted:
make fmt
This project is licensed under the MIT License - see the LICENSE file for details.
- Bubble Tea — The TUI framework powering the interface
- Lip Gloss — Terminal styling and layout
- Bubbles — Reusable TUI components
- Huh — Declarative form library for beautiful inputs
If you have any questions or issues, please:
- Check the Issues page
- Create a new issue if your problem isn't already reported
- Provide as much detail as possible (OS, Go version, error messages)
Made with ❤️ by DementevVV