Did You Know?
Got a tip? Let us know

HostGator Diwali Mega Offer 50% Flat Discount on all Hosting Plans - Grab it Now

Protect SSH Logins with SSH & MOTD Banner Messages

Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators
CW

One of the easiest way to protect and secure SSH logins by displaying warming message to UN-authorized users or display welcome or informational messages to authorized users.

Protect SSH Logins

Display SSH Banner Messages

Being a system administrator whenever configure Linux servers I always use to configure a security banners for ssh logins. The banner contains some security warning information or general information. See my example banner message which I used for my all servers.

ALERT! You are entering into a secured area! Your IP, Login Time, Username has been noted and has been sent to the server administrator!
This service is restricted to authorized users only. All activities on this system are logged.
Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

There are two way to display messages one is using issue.net file and second one is using MOTD file.

  1. issue.net : Display a banner message before the password login prompt.
  2. motd : Display a banner message after the user has logged in.

So, I strongly recommended all system administrator to display a banner messages before allowing users to log in to systems. Just follow below simple steps to enable SSH logging messages.

Display SSH Warning Message to Users Before Login

To display Welcome or Warning message for SSH users before login. We use issue.net file to display a banner massages. Open the following file with VI editor.

# vi /etc/issue.net

Add the following banner sample message and save the file. You can add any custom banner message to this file.

###############################################################
#                                                      Welcome to TecMint.com                                                           # 
#                                   All connections are monitored and recorded                                         #
#                          Disconnect IMMEDIATELY if you are not an authorized user!                    #
###############################################################

Open the master ssh configuration file and enable banners.

# vi /etc/ssh/sshd_config

Search for the word “Banner” and uncomment out the line and save the file.

#Banner /some/path

It should be like this.

Banner /etc/issue.net (you can use any path you want)

Next, restart the SSH daemon to reflect new changes.

# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

Now try to connect to server you will see banner message similar to below.

Display SSH Banner Messages

SSH Banner Messages Before Login

Display SSH Warning Message to Users After Login

To display banner messages after login, we use motd file, which is used to display banner massages after login. Now open it with VI editor.

vi /etc/motd

Place the following banner sample message and save the file.

###############################################################
#                                                   Welcome to TecMint.com                                                             # 
#                                    All connections are monitored and recorded                                       #
#                           Disconnect IMMEDIATELY if you are not an authorized user!                  #
###############################################################

Now again try to login into server you will get both the banner messages. See the screenshot attached below.

Display SSH Banner After Login

Display SSH Banner After Login

Ravi Saive

Owner at TecMint.com
Simple Word a Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux.

Linux Services & Free WordPress Setup

Our post is simply ‘DIY’ aka ‘Do It Yourself, still you may find difficulties and want us to help you out. We offer wide range of Linux and Web Hosting Solutions at fair minimum rates. Please submit your orders by Clicking Here.

12 Responses

  1. lamula.pe says:

    Oh my goodness! Awesome article dude! Many thanks,
    However I am experiencing troubles with your RSS.
    I don’t know why I cannot subscribe to it. Is there anyone else having identical RSS problems? Anyone that knows the solution will you kindly respond? Thanx!!

  2. Corey says:

    I question how these can secure a server. Warning message or not, disreputable people will do what they do.

    Better way to secure SSHd? Require keys, and disallow password logins.

    • wyatt says:

      The best way to secure ssh is to use fail2ban and set it to be extremely brutal. 2 attempts then iptable ban?

      Next step is to disable root login ofc.

      Key authentication is another big thing.

      • Ravi Saive says:

        Wyatt, you right fail2ban is very powerful tool to protect ssh from brute force attempts. I’ve already covered article on Fail2Ban you can check it. Always disable root login and use key based authentication.

  3. Mark says:

    This is a very good practice, however some message will not protect your SSH, but it is not it’s purpose. Warning people that they are in a restricted area makes you protected against the law and the hacker’s ‘I didn’t know what I was doing’ sentence.

    As far as I now in the USA this is a must for private networks. (Of course I don’t mean your home VPN.) But I think it can be useful anywhere in the world when it comes to proving at the court.

  4. T Graham says:

    Do not put the word “welcome” – or anything like that – in ANY login screen or banner message. It can be argued that the hacker thought s/he was welcome to explore.

  5. Raj says:

    Good Post.. thanks for sharing.. and keep sharing….

  6. Aby Varghese says:

    Great one again ..;

  7. ali says:

    ttttttttttnxxxxxxxxxxxxx

  8. mayasl says:

    Good one!

    I tried to add this code in to issue.net. But it doesn’t recognize the code.

    Is there anyway to get this done?

  9. Amani Musomba says:

    Great Article..
    goode one for any new Sys Admin..

  10. Anthony Ferro says:

    Does the banner present a DOS risk due to the additional traffic sent over the network to reply to all ssh connections? It seem like it could be used to saturate someones bandwidth.
    (I do agree on the fail2ban suggestions.)

Leave a Reply

This work is licensed under a (cc) BY-NC | TecMint uses cookies. By using our services, you comply to use of our cookies. More info: Privacy Policy.
© 2012-2014 All Rights Reserved.