How to setup SSH login banner messages?

It’s a good idea to create a login banner for remote login. Through this we can warn unauthorized users before login into system or we can display a welcome message to authorized users. For doing this we need SSH root access to the server. The best practice is to set up SSH login banners while doing security hardening.

There are two ways to setup SSH login banners, a) Before Login and b) After login.

1. How to setup SSH login banners before login?

In this operation we are going to make some changes in SSH configuration file. First, login to server as root user and create a file with any name. I would prefer to create it under “/etc/ssh” folder in the name “welcome_banner”.

[root@HostDire ~]# vim /etc/ssh/welcome_banner

This is the file where we are going to write warning message. You can add your own warning messages or the one given below.

This system is for the use of authorized users only. Usage of  this system may be monitored and recorded by system personnel.  Anyone using this system expressly consents to such monitoring  and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence from such monitoring to law enforcement officials.

The next objective is to display this warning message during remote login, for that we need to include this file in sshd_config file. Please note, by default banner option is disabled in all ssh configuration files.

You can verify the banner entry status in an ssh configuration file by executing the following command in shell prompts.

[root@HostDire ~] # cat /etc/ssh/sshd_config | grep -i banner
# no default banner path
# Banner
[root@HostDire ~] 

Now, it’s the time to include the newly created warning message file in SSH config file. For that you need to uncomment the Banner entry and specify the file along the banner entry. Open SSH configuration file in your favourite editor and search for the entry “Banner”.

[root@HostDire ~]# vim /etc/ssh/sshd_config

After making modifications it should be something like given below.

[root@HostDire ~]# cat /etc/ssh/sshd_config | grep -i banner
# no default banner path
Banner /etc/ssh/welcome_banner
[root@HostDire ~]

At last you need to reload or restart ssh.

[root@HostDire ~]# /etc/init.d/sshd reload/restart

From now, you should be able to see warning messages whenever you login to SSH console.

2. How to set up SSH login banners after login?

To set this up you may use the file /etc/motd to display a welcome message after login. First, Open file motd in your favourite editor like vim or nano and enter welcome message and save it.

[root@HostDire ~]# vim /etc/motd

This system is for the use of authorized users only. Usage of  this system may be monitored and recorded by system personnel.  Anyone using this system expressly consents to such monitoring  and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence from such monitoring to law enforcement officials.

Now you may try to login to server and you should be able to view pre banner and post banner messages.

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts