≡ Menu

How to force sshd server to display login banner before login (change the ssh server login banner)

Pre login banner is use for sending a warning message before authentication may be relevant for getting legal protection or just give out information to users. The contents of the specified file are sent to the remote user before authentication is allowed. This option is only available for protocol version 2. By default, no banner is displayed (if you are using latest version of Linux/UNIX then you do not have to worry about version issue).

Procedure to change OpenSSH pre login banner

1) By default sshd server turns off this feature.

2) Login as the root user; create your login banner file:

# vi /etc/ssh/sshd-banner

Append text:
Welcome to nixCraft Remote Login!

3) Open sshd configuration file /etc/sshd/sshd_config using a text editor:

# vi /etc/sshd/sshd_config

4) Add/edit the following line:

Banner /etc/ssh/sshd-banner

5) Save file and restart the sshd server:

# /etc/init.d/sshd restart

6) Test your new banner (from Linux or UNIX workstation or use any other ssh client):

$ ssh vivek@rh3es.nixcraft.org

Welcome to nixCraft Labs!
vivek@ rh3es.nixcraft.org's password:

Please note that this feature may not work with third party ssh client such as Putty.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 23 comments… add one }

  • bomboclat May 16, 2008, 9:45 am

    if I telnet to ssh I still can read the version.
    so, what’s this for?

  • Alexandre December 28, 2008, 2:33 am

    If you want any credibility in court in case of unauthorized access, never say “welcome” on your banner. Your message should be along the lines of “you will suffer legal actions against you if you continue. Go away!”. I guess you can do whatever you want in /etc/motd.

  • Pavel January 17, 2009, 11:56 am

    But message in /etc/motd is displayed after login. If I use nc -vv I can still see version of ssh. so, what’s this for?

  • The Doctor April 1, 2009, 2:56 am

    Great article. This site has easily become my main source in teaching myself GNU/Linux beyond the GUI.

    Using Ubuntu 8.10 x64, sshd-banner was over-ridden by motd (per Pavel), so I used that file instead.

    I agree w/ Alexandre… my motd states activity is logged & may be forwarded to law enforcement & citing parts of the local penal code.

  • Daniel Beckman March 15, 2010, 6:18 pm

    I think step 3 has a typo:


    At least on Red Hat 5 and Solaris 10, sshd_config is in /etc/ssh, not /etc/sshd.

  • Amine April 4, 2010, 9:39 pm

    You are right Daniel it is a typo.
    sshd_config is in /etc/ssh – in Ubuntu Server too.

  • Amine April 4, 2010, 9:40 pm

    Forgot to say nice tip nevertheless. Thank you!

  • Juan Alvarez June 24, 2010, 1:26 pm

    However: “ssh -q {login}@{server}” avoid the message.

  • Rod MacPherson July 16, 2010, 7:59 pm

    You shouldn’t use /etc/motd for your legal warning, that is what /etc/issue and /etc/issue.net is for.

    /etc/motd should come AFTER you login. /etc/motd is for system announcements and other impartant info that you want authenticated users to know about before they start to actaully use the system. /etc/issue* is for legal warnings to establish the terms and conditions by which someone is allowed to use the system.

    This is a decent /etc/issue file:
    This is a private system.
    Only authorized users may access this system with their individually
    assigned user accounts. Sharing account information with anyone is prohibited.
    All access to this system and all traffic to and from it may be monitored
    by the system owner.

  • Peter Shankland September 22, 2010, 1:48 pm

    After looking at issue.net this is the same as issue but for telnet sessions. How do you do the same thing but for SSH sessions?


  • TheGooch February 17, 2011, 1:16 am

    In Solaris, for SSH you edit /etc/ssh/sshd_config:

    and put the pre-login message there.

  • Erik Bussink September 15, 2011, 9:23 pm

    I like this
    This computer system is for authorized users only. Individuals using this
    system without authority or in excess of their authority are subject to
    having all their activities on this system monitored and recorded or examined
    by any authorized person, including law enforcement, as system personnel deem
    appropriate. In the course of monitoring individuals improperly using the
    system or in the course of system maintenance, the activities of authorized
    users may also be monitored and recorded. Any material so recorded may be
    disclosed as appropriate. Anyone using this system consents to these terms.

  • Brian A October 8, 2011, 7:08 am

    Used this personally:

    This computer system is the private property of its owner, whether
    individual, corporate or government. It is for AUTHORIZED USE only.

    By using this system, the user consents to such interception, monitoring,
    recording, copying, auditing, inspection, and disclosure at the
    discretion of such personnel or officials. Unauthorized or improper use
    of this system may result in civil and criminal penalties and
    administrative or disciplinary action, as appropriate.

    By continuing to use this system you indicate your awareness of and consent
    to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not
    agree to the conditions stated in this warning.

  • Schorschi January 6, 2012, 12:29 am

    This does not work for RHEL 5.x, 6.x, Fedora 11 or later, or even CentOS 5.x, 6.x. PuTTY .6x seems to ignore any banner before login. Using /etc/issue.net is USELESS for legal purposes because it is displayed after login id is entered. And /etc/motd is USELESS because login is already completed. Last, pam_echo.so should enforce this no matter what the SSH client does, but appears to only work on the actual console virtual terminals, not SSH sessions via PuTTY.

  • Daniel Beckman January 6, 2012, 3:27 pm

    Here is a crazy thought: before you declare something useless, try actually reading the article. It works on all of the RHEL 5 and 6 and Solaris 10 servers I administer.
    Also, note the title of the article. Does it mention telnet or PAM or the local console? No, it doesn’t. It only concerns login banners for logins over SSH. Don’t piss on an article someone contributed just because it doesn’t cover everything you might want to do.

    To those who are coming up with their own banners: if you are doing this for a large organization or government entity, get advise from the legal team or upper management about what to put in. Every place may have different requirements.

    Thanks again to the original contributors — it’s nice to have all of these basic tips in one place.

  • Don June 22, 2012, 5:36 pm

    I found this page wile looking for a 100% effective ssh banner no matter what the client. Using password authentication, I have discovered that putty does not display the banner until after you have entered your username. Then it displays the banner and asks for your password. Also, displaying the pre-authentication banner is an option that the user can disable in the putty configuration under Connection->SSH->Auth. I’m not sure what that does for you in court if you can’t prove that the banner was ever shown, but should be fine in friendly environments where you can control the client and are just trying to get some information to the user. Anyway, just wanted to point out that putty does, by default, display the banner, just not when you might think it should at first. Also it can be disabled.

  • BrianBlaze October 22, 2012, 2:17 pm

    Awesome! Thanks!

  • Schorschi October 22, 2012, 3:26 pm

    Let me qualify, usefulness is much less than it could or should be, no QSA on the planet would it accept a banner after entry of id… it must be before any action is taken, displayed immediately on connection of session. True, this quite specific, but the title of this discussion implies just that, that banner/security notification is done before any interactive action, and that is not the case depending on the client used. I think the goal would be to get the clients to display the banner immediately, but first, SSHD must have this feature established as well, consistently as noted above. The current situation is not acceptable for even the minimum for enterprise security given the QSAs I interact with, this issue routinely is established as an exception finding.

  • Pradeep December 21, 2012, 6:19 am

    can somebody help me.. MOTD is not displaying in my machine
    I have checked the /etc/ssh/sshd_config file and the printmotd is showing yes and also USEPAM YES.


  • Tommy February 10, 2013, 9:12 pm

    Hey All,

    We have set up an SSH on an Unbuntu (11) box. As I am trying to customize it (Like creating a custom banner which brought me here) everyone keeps telling me to edit the sshd_config file. However, when I open the file, it is empty. I have tried vi and nano as well as the GUI text editor and it always shows up blank. The ssh server runs fine and we can access it both internally and from the net. Not sure what I am doing wrong here.


  • John January 18, 2015, 5:07 pm

    That’s all fine and dandy but unless you patch openssh you can telnet port 22 and get a very descriptive banner – that’s the one i’d be interested in deactivating.

  • dood August 8, 2015, 9:22 pm

    Mine says: “Fuck china, and fuck you!”
    Lets see if that rally up the 90% of scum bag “hackers”.

  • Premnath Bangar September 2, 2015, 5:17 am

    I have one queries about SSH Banner. How can I put ssh banner in Linux. I have know about /etc/issue, /etc/motd and make changes in /etc/ssh/sshd_config file.

    But question is that I have more than 100 Linux server It’s too much time consuming to make entry in each server. So, is there another way to do banner in SSH. Like, I can put banner file in one server and all the other server can use same file for the banner.

Leave a Comment