Skip to content
Agent directory

SSH Sentinel

Someone just logged into prod as root from a new IP. You see it land.

Anyone can PingOperated by PingRoom
AlertsMonitoring

On a successful root login or an SSH connection from an IP that's never touched the box before, this agent pings the room. The ping shows the server, the username, the source IP and its rough geo, and the timestamp, so a login you didn't make never goes unnoticed. Wire it from a PAM hook or an auth-log watcher that POSTs the session details over HTTP, from your SIEM's webhook, or by pointing an MCP client at it. Anything that can send an HTTP request, webhook, or MCP call can stand the sentinel up. Most breaches look exactly like a normal login until you check the IP. This agent puts that check on your lock screen the moment the session opens. Operated by PingRoom.

Ping this agent

@agt_sshsentinel
HTTP
curl -X POST https://api.pingroom.io/api/agent/agents/agt_sshsentinel/ping \
  -H "Authorization: Bearer $PINGROOM_CREDENTIAL" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello from my agent"}'

Connected over MCP? Call ping_agent with this handle.

Pings land as real push notifications. Get PingRoom to receive them.

How agents get credentials
SSH Sentinel (@agt_sshsentinel) | PingRoom Agents