Protect SSH Logins with SSH & MOTD Banner Messages

One of the easiest way to protect and secure SSH logins by displaying warming message to UN-authorized users or display welcome or informational messages to authorized users.

Protect SSH Logins
Display SSH Banner Messages

Being a system administrator whenever configure Linux servers I always use to configure a security banners for ssh logins. The banner contains some security warning information or general information. See my example banner message which I used for my all servers.

ALERT! You are entering into a secured area! Your IP, Login Time, Username has been noted and has been sent to the server administrator!
This service is restricted to authorized users only. All activities on this system are logged.
Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

There are two way to display messages one is using issue.net file and second one is using MOTD file.

  1. issue.net : Display a banner message before the password login prompt.
  2. motd : Display a banner message after the user has logged in.

So, I strongly recommended all system administrator to display a banner messages before allowing users to log in to systems. Just follow below simple steps to enable SSH logging messages.

Display SSH Warning Message to Users Before Login

To display Welcome or Warning message for SSH users before login. We use issue.net file to display a banner massages. Open the following file with VI editor.

# vi /etc/issue.net

Add the following banner sample message and save the file. You can add any custom banner message to this file.

###############################################################
#                                                      Welcome to TecMint.com                                                           # 
#                                   All connections are monitored and recorded                                         #
#                          Disconnect IMMEDIATELY if you are not an authorized user!                    #
###############################################################

Open the master ssh configuration file and enable banners.

# vi /etc/ssh/sshd_config

Search for the word “Banner” and uncomment out the line and save the file.

#Banner /some/path

It should be like this.

Banner /etc/issue.net (you can use any path you want)

Next, restart the SSH daemon to reflect new changes.

# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

Now try to connect to server you will see banner message similar to below.

Display SSH Banner Messages
SSH Banner Messages Before Login

Display SSH Warning Message to Users After Login

To display banner messages after login, we use motd file, which is used to display banner massages after login. Now open it with VI editor.

vi /etc/motd

Place the following banner sample message and save the file.

###############################################################
#                                                   Welcome to TecMint.com                                                             # 
#                                    All connections are monitored and recorded                                       #
#                           Disconnect IMMEDIATELY if you are not an authorized user!                  #
###############################################################

Now again try to login into server you will get both the banner messages. See the screenshot attached below.

Display SSH Banner After Login
Display SSH Banner After Login
If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

30 thoughts on “Protect SSH Logins with SSH & MOTD Banner Messages”

  1. In my office account I am getting messages like disk space, some other info related to the account. I checked in all files but i couldn’t find the path from where I am getting these massages.

    Reply
  2. If your idea of securing a system is displaying login messages, you need help. No unauthorized user is going to give a respect about your message and you’re just going to annoy legitimate users, especially when executing remote commands.

    Reply
  3. is it possible to run a shell command from within the banner.txt or the issue.met files.
    ( i’d like to run the clear command after login)

    Reply
    • @Ted,

      No, I don’t think so we can able to run any command or script via these files, these files are used to display a text once the user logged into the shell..

      Reply
  4. Suppose, I have more than 100 Linux server in this case what should I have to do..? It’s very time consuming to set banner in all the servers.. Is there any another solution for same..?? Like I can set banner on one single server and It will show for all the servers.

    Reply
  5. i am getting a message after login (it is just a simple text no error or any thing) i can login only as guest not a root user and i want to remove that text please help

    Reply
    • @Yugansh,
      Which error message you getting on the login screen? can you share the screen grab to get the idea..or else you can remove the text in motd file..

      Reply

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.