{ 20 comments… read them below or add one }

1 bomboclat May 16, 2008 at 9:45 am

if I telnet to ssh I still can read the version.
so, what’s this for?

Reply

2 Alexandre December 28, 2008 at 2:33 am

If you want any credibility in court in case of unauthorized access, never say “welcome” on your banner. Your message should be along the lines of “you will suffer legal actions against you if you continue. Go away!”. I guess you can do whatever you want in /etc/motd.

Reply

3 Pavel January 17, 2009 at 11:56 am

But message in /etc/motd is displayed after login. If I use nc -vv I can still see version of ssh. so, what’s this for?

Reply

4 The Doctor April 1, 2009 at 2:56 am

Great article. This site has easily become my main source in teaching myself GNU/Linux beyond the GUI.

Using Ubuntu 8.10 x64, sshd-banner was over-ridden by motd (per Pavel), so I used that file instead.

I agree w/ Alexandre… my motd states activity is logged & may be forwarded to law enforcement & citing parts of the local penal code.

Reply

5 Daniel Beckman March 15, 2010 at 6:18 pm

I think step 3 has a typo:

/etc/sshd/sshd_config

At least on Red Hat 5 and Solaris 10, sshd_config is in /etc/ssh, not /etc/sshd.

Reply

6 Amine April 4, 2010 at 9:39 pm

You are right Daniel it is a typo.
sshd_config is in /etc/ssh – in Ubuntu Server too.

Reply

7 Amine April 4, 2010 at 9:40 pm

Forgot to say nice tip nevertheless. Thank you!

Reply

8 Juan Alvarez June 24, 2010 at 1:26 pm

However: “ssh -q {login}@{server}” avoid the message.

Reply

9 Rod MacPherson July 16, 2010 at 7:59 pm

You shouldn’t use /etc/motd for your legal warning, that is what /etc/issue and /etc/issue.net is for.

/etc/motd should come AFTER you login. /etc/motd is for system announcements and other impartant info that you want authenticated users to know about before they start to actaully use the system. /etc/issue* is for legal warnings to establish the terms and conditions by which someone is allowed to use the system.

This is a decent /etc/issue file:
—————————————————————————————————–
This is a private system.
Only authorized users may access this system with their individually
assigned user accounts. Sharing account information with anyone is prohibited.
All access to this system and all traffic to and from it may be monitored
by the system owner.
—————————————————————————————————–

Reply

10 Peter Shankland September 22, 2010 at 1:48 pm

After looking at issue.net this is the same as issue but for telnet sessions. How do you do the same thing but for SSH sessions?

Thanks.

Reply

11 TheGooch February 17, 2011 at 1:16 am

In Solaris, for SSH you edit /etc/ssh/sshd_config:
Banner=/etc/issue

and put the pre-login message there.

Reply

12 Erik Bussink September 15, 2011 at 9:23 pm

I like this
—————————————————————————–
This computer system is for authorized users only. Individuals using this
system without authority or in excess of their authority are subject to
having all their activities on this system monitored and recorded or examined
by any authorized person, including law enforcement, as system personnel deem
appropriate. In the course of monitoring individuals improperly using the
system or in the course of system maintenance, the activities of authorized
users may also be monitored and recorded. Any material so recorded may be
disclosed as appropriate. Anyone using this system consents to these terms.
—————————————————————————–

Reply

13 Brian A October 8, 2011 at 7:08 am

Used this personally:

This computer system is the private property of its owner, whether
individual, corporate or government. It is for AUTHORIZED USE only.

By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate.

By continuing to use this system you indicate your awareness of and consent
to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not
agree to the conditions stated in this warning.

Reply

14 Schorschi January 6, 2012 at 12:29 am

This does not work for RHEL 5.x, 6.x, Fedora 11 or later, or even CentOS 5.x, 6.x. PuTTY .6x seems to ignore any banner before login. Using /etc/issue.net is USELESS for legal purposes because it is displayed after login id is entered. And /etc/motd is USELESS because login is already completed. Last, pam_echo.so should enforce this no matter what the SSH client does, but appears to only work on the actual console virtual terminals, not SSH sessions via PuTTY.

Reply

15 Daniel Beckman January 6, 2012 at 3:27 pm

Here is a crazy thought: before you declare something useless, try actually reading the article. It works on all of the RHEL 5 and 6 and Solaris 10 servers I administer.
Also, note the title of the article. Does it mention telnet or PAM or the local console? No, it doesn’t. It only concerns login banners for logins over SSH. Don’t piss on an article someone contributed just because it doesn’t cover everything you might want to do.

To those who are coming up with their own banners: if you are doing this for a large organization or government entity, get advise from the legal team or upper management about what to put in. Every place may have different requirements.

Thanks again to the original contributors — it’s nice to have all of these basic tips in one place.

Reply

16 Don June 22, 2012 at 5:36 pm

I found this page wile looking for a 100% effective ssh banner no matter what the client. Using password authentication, I have discovered that putty does not display the banner until after you have entered your username. Then it displays the banner and asks for your password. Also, displaying the pre-authentication banner is an option that the user can disable in the putty configuration under Connection->SSH->Auth. I’m not sure what that does for you in court if you can’t prove that the banner was ever shown, but should be fine in friendly environments where you can control the client and are just trying to get some information to the user. Anyway, just wanted to point out that putty does, by default, display the banner, just not when you might think it should at first. Also it can be disabled.

Reply

17 BrianBlaze October 22, 2012 at 2:17 pm

Awesome! Thanks!

Reply

18 Schorschi October 22, 2012 at 3:26 pm

Let me qualify, usefulness is much less than it could or should be, no QSA on the planet would it accept a banner after entry of id… it must be before any action is taken, displayed immediately on connection of session. True, this quite specific, but the title of this discussion implies just that, that banner/security notification is done before any interactive action, and that is not the case depending on the client used. I think the goal would be to get the clients to display the banner immediately, but first, SSHD must have this feature established as well, consistently as noted above. The current situation is not acceptable for even the minimum for enterprise security given the QSAs I interact with, this issue routinely is established as an exception finding.

Reply

19 Pradeep December 21, 2012 at 6:19 am

can somebody help me.. MOTD is not displaying in my machine
I have checked the /etc/ssh/sshd_config file and the printmotd is showing yes and also USEPAM YES.

Thanks
Pradeep

Reply

20 Tommy February 10, 2013 at 9:12 pm

Hey All,

We have set up an SSH on an Unbuntu (11) box. As I am trying to customize it (Like creating a custom banner which brought me here) everyone keeps telling me to edit the sshd_config file. However, when I open the file, it is empty. I have tried vi and nano as well as the GUI text editor and it always shows up blank. The ssh server runs fine and we can access it both internally and from the net. Not sure what I am doing wrong here.

Thanks,

Reply

Leave a Comment

Tagged as: , , , , , , ,

Previous post:

Next post: