How to setup Logon Banners in Linux
There are two ways where we can place the banner for the Server :
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”]
/etc/motd -> Will display the banner after the user logon
/etc/issue -> will display the banner before the user logon [/stextbox]
To Display SSH Warning / Legal Notice message to users before logon:
[1] Open the file as below:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”] # vim /etc/issue[/stextbox]
Place the content of the notice in this file :
[2] Open the sshd configuration file for the changes: Look for the work “Banner” at the end of the file:
Replace as below in /etc/ssh/sshd_config file:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”]Banner /etc/issue[/stextbox]
[3] To take effort we need to restart the SSH Service:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”][root@quickfixlinux ~]# service sshd restart[/stextbox]
[4] Now try to login and you will displayed with the Banner and then with the password prompt.
To Display the SSH Notice/Warning after the User Login:
Open the file as below:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”] [root@quickfixlinux ~]# vim /etc/motd[/stextbox]
Place the content of the notice in this file :
Alternatively, you can also configure in sshd config file /etc/ssh/sshd_config:
Create the file named /etc/banner:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”]
[root@quickfixlinux ~]# vim /etc/banner
###
# ***** Welcome to QLF ***** ###
#######################################################################
#Authorized access only!#
# Disconnect IMMEDIATELY if you are not an authorized user !!!
# All actions will be monitored and recorded
######################################################################### [/stextbox]
Now, Configure the ssh configuration file. Sample /etc/ssh/sshd_config file and add the line Banner /etc/banner to it, for example:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”]
[root@quickfixlinux ~]#vim /etc/ssh/sshd_config
Port 22
Protocol 2,1
SyslogFacility AUTHPRIV
PermitRootLogin no
RSAAuthentication yes
StrictModes no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Banner /etc/banner
Subsystem sftp /usr/libexec/openssh/sftp-server [/stextbox]
Then restart the SSHD Service to take effort:
[stextbox id=”Default” mode=”css” bwidth=”7″ color=”FFFFFF” ccolor=”000000″ bcolor=”1A52EA” bgcolor=”000000″ bgcolorto=”000000″ image=”null”]
[root@quickfixlinux ~]# service sshd restart [/stextbox]
That’s all… Try to SSH the box with your login ..