LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-03-2006, 02:55 PM   #1
cpatter12
LQ Newbie
 
Registered: Jul 2006
Posts: 2

Rep: Reputation: 0
How do you turn off login banner for non-interactive ssh?


I have a requirement to have a login banner for interactive ssh logins. However, the banner also displays for non-interactive commands. Basically I run a script to get me status of processes running on multiple computers. I would like to see the status without seeing a login banner for every system. Is there a way to turn off the banner for non-interactive processes?

Thanks
 
Old 08-04-2006, 01:49 PM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
cpatter...how about a couple of example commands here...1 on when you want the banner and one when you dont want it...I'm not quite clear on what you need...

Cheers
Arvind
 
0 members found this post helpful.
Old 08-07-2006, 09:17 AM   #3
cpatter12
LQ Newbie
 
Registered: Jul 2006
Posts: 2

Original Poster
Rep: Reputation: 0
I need the login banner when a user logs in via ssh.

ssh -l root nodename .
When I pass a command I don't want a login banner.

ssh root@nodename ps -ef .
 
1 members found this post helpful.
Old 06-27-2007, 02:09 PM   #4
jbivey
LQ Newbie
 
Registered: Jun 2007
Posts: 3

Rep: Reputation: 1
turning off login banner for non-interactive ssh

Have you figured this out yet? I have the same need and am having very little success finding any help.
 
Old 06-28-2007, 03:16 AM   #5
chandramani_yadav
Member
 
Registered: Jan 2007
Location: Vienna
Distribution: Redhat
Posts: 47

Rep: Reputation: 19
Hey , U cannot have both at a time . if u don't want the banner, just touch ".hushlogin"in the home directory of user . u won't get the banner .
 
0 members found this post helpful.
Old 06-28-2007, 10:25 AM   #6
jbivey
LQ Newbie
 
Registered: Jun 2007
Posts: 3

Rep: Reputation: 1
How do you turn off login banner for non-interactive ssh

Quote:
Originally Posted by chandramani_yadav
Hey , U cannot have both at a time . if u don't want the banner, just touch ".hushlogin"in the home directory of user . u won't get the banner .
I tried this and it doesn't work so I did some more investigation and found this about .hushlogin: "This file is used to suppress printing the last login time and /etc/motd, if PrintLastLog and PrintMotd, respectively, are enabled. It does not suppress printing of the banner specified by Banner".

If you have any other suggestions please let me know. Thanks!
 
2 members found this post helpful.
Old 11-21-2007, 01:30 AM   #7
sundalo1205
LQ Newbie
 
Registered: Nov 2007
Posts: 3

Rep: Reputation: 1
Wink

hi!
any solution to this? i also have this kind of problem. i hope you guyz can help me out.

thanks in advance!
 
Old 11-23-2007, 11:27 AM   #8
jbivey
LQ Newbie
 
Registered: Jun 2007
Posts: 3

Rep: Reputation: 1
No, unfortunately I never figured this out.
 
Old 12-03-2007, 01:01 AM   #9
sundalo1205
LQ Newbie
 
Registered: Nov 2007
Posts: 3

Rep: Reputation: 1
Quote:
Originally Posted by jbivey View Post
No, unfortunately I never figured this out.
ssh -q
------
this answered my problem. risk is important errors will also be supressed.
 
1 members found this post helpful.
Old 02-10-2012, 08:17 PM   #10
scandalist
LQ Newbie
 
Registered: Apr 2011
Posts: 27

Rep: Reputation: 1
add "DebianBanner no" to /etc/ssh/sshd_conf

it bugged me too
 
Old 09-05-2012, 12:04 PM   #11
jfkenneyjr
LQ Newbie
 
Registered: Sep 2012
Posts: 1

Rep: Reputation: Disabled
SSH Options

Quote:
Originally Posted by sundalo1205 View Post
ssh -q
------
this answered my problem. risk is important errors will also be supressed.
This bothered me as well as I work with a lot of non-interactive sctipts that have logging that gets filled up with banners. I've found that if I use the SSH LogLevel option, I don't get the banners anymore. The SSH options can be passed through scp as well.

Try:
ssh -o LogLevel=Error <rest of cmd>
or
scp -o LogLevel=Error <rest of cmd>
 
Old 01-16-2013, 01:53 PM   #12
koenpunt
LQ Newbie
 
Registered: Jan 2013
Posts: 1

Rep: Reputation: Disabled
The question is 'a bit' outdated, but I have two solutions using a custom shell wrapper.

1. Using .authorized_keys command

In ~/.ssh/authorized_keys you add the following before a specific key
Code:
command="/usr/local/bin/shell-wrapper" ssh-rsa AAAAB3NzaC1yc2EAA...JZK1E8H60=
And in /usr/local/bin/shell-wrapper
Code:
#!/bin/sh

# If there is a command given, it executes it with the users shell if no command
# given it outputs the contents of BANNER and starts the user's shell.

BANNER=/etc/issue.net

if [ -n "$SSH_ORIGINAL_COMMAND" ] ; then
  $SHELL -c "$SSH_ORIGINAL_COMMAND"
else
  cat $BANNER
  $SHELL
fi
2. Changing the users shell

Set shell for user (change USERNAME to your user):
Code:
usermod --shell /usr/local/bin/shell-wrapper USERNAME
Create /usr/local/bin/shell-wrapper with the following content:
Code:
#!/bin/sh

# If there are no arguments, it outputs the contents of BANNER and starts the specified shell
# When there is an argument given it executes it with the specified shell

BANNER=/etc/issue.net
SHELL=/bin/sh

if [ $# -eq 0 ]; then
  cat $BANNER
  $SHELL
else
  shift
  $SHELL -c "$@"
fi
 
Old 02-16-2013, 10:24 AM   #13
ubix
LQ Newbie
 
Registered: Feb 2013
Posts: 1

Rep: Reputation: Disabled
@ koenpunt

Thank you for posting even when the thread was old,

I am in a fix, on one hand I cannot disable bannering from sshd_config and on the other hand brtools doesnt like the banners, so I am looking for a way to disable it for this one brtool user and I feel I am getting closer to finding a solution, with your help of course!

can you please elaborate on SSH_ORIGINAL_COMMAND?

Last edited by ubix; 02-16-2013 at 10:33 AM. Reason: typo
 
Old 02-17-2013, 02:00 PM   #14
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, CentOS, Ubuntu, Fedora, Timesys, Linux From Scratch
Posts: 1,777
Blog Entries: 20

Rep: Reputation: 115Reputation: 115
I believe koenpunt's solution only applies to the banner produced by the remote shell, and not banners produced by the remote ssh daemon. Shells should automatically produce no banner unless invoked for interactive use.

If the problem banner is what the shell outputs, then there's nothing you can do at the local end but parse over this unusual thing. One way to do that is run a command line that the first command outputs an odd sentinel string that you can scan locally for to show only what follows it.

If the problem banner is what the ssh daemon outputs, you might get away with redirecting stderr to /dev/null. If you need the stderr output from the command, redirect that to stdout.
Code:
ssh userid@remote 'remotecommand args ... 2>&1' 2>/dev/null
If you want stdout and stderr to be kept separate from the remote command so you can store their output to separate files, this will be more complicated to do.
 
Old 04-05-2013, 07:31 AM   #15
Hermann_It
LQ Newbie
 
Registered: Apr 2013
Posts: 1

Rep: Reputation: Disabled
2>/dev/null

only banner is removed.
 
  


Reply

Tags
banner, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hide ssh banner shafey Linux - Security 3 04-14-2013 05:59 PM
How to setup system Login banner and Login message 06-03-05 Linux - Newbie 9 11-03-2011 11:42 AM
SSH Login Banner Display raiden4201 Linux - Newbie 11 12-08-2008 04:41 PM
non-interactive ssh podollb Linux - Software 3 04-20-2004 03:28 PM
change the banner for ssh [cacheflow] Linux - Security 5 09-16-2002 03:03 PM


All times are GMT -5. The time now is 01:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration