Send encrypted notifications directly to Signal users.

Uses Ubuntu 18.04 Server Base Install.


Server Setup

Download the Latest Release.

Install dependencies.
apt install default-jre
Create signal system user.
adduser --system --home /data/signal --shell /bin/false signal
Install dependencies and extract release.
tar xvf signal-cli-*.tar.gz -C /data/signal/cli
chmod go-rwx /data/signal
chown -R signal /data/signal

Send Test Message

Send a test message to ensure everything works then copy cofiguration keys for service.

Send test message.
./signal-cli -u +{INTERNATIONAL PHONE NUMBER} send -m "This is a test message" +{INTERNATIONAL PHONE NUMBER}


You can actually send the message from and to the same number. It will be received in Signal as a Note to Self.

Copy configuration to service directory.
cp -av ~/.local/share/signal-cli/data /data/signal/
chmod go-rwx -R /data/signal
chown -R signal /data/signal


These files must be secured as any access to these credentials will allow messages to be sent as you.

Access can be disabled in the Signal App at any time.

Send SSH Login Notification

Enables Signal messaging when a user logs into the system via SSH.

Script will only send notifications on opening SSH connections.

0700 signal signal /data/signal/ssh-signal-notify
if [ ${PAM_TYPE} = "open_session" ]; then
  DATE_EXEC="$(date "+%F %H:%M:%S")"
  HOSTNAME=$(hostname -f)
  HOST_IP=$(hostname -I | awk '{print $1}')
  su - signal -c /data/signal/cli/bin/signal-cli --config /data/signal -u +{INTERNATIONAL PHONE NUMBER} send -m "$TEXT" +{INTERNATIONAL PHONE NUMBER} &
exit 0
0644 root root /etc/pam.d/sshd
## Add at end of file.
# Alert successful logins via signal.
session    optional seteuid /data/signal/ssh-signal-notify


pam_exec will not have user environment variables by default. See pam_exec reference for environment variables. Enabling user environment variables is dangerous.

Enable debug and check /var/log/auth.log if notification does not fire. Any errors with optional scripts are generally dropped sliently.


  1. PAM Reference

  2. Signal CLI Reference

  3. Signal CLI Docker

  4. SSH Login Notifications with Signal

  5. pam_exec Reference

  6. Run sshd login script one