How do you turn off login banner for non-interactive ssh?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How do you turn off login banner for non-interactive ssh?
I have a requirement to have a login banner for interactive ssh logins. However, the banner also displays for non-interactive commands. Basically I run a script to get me status of processes running on multiple computers. I would like to see the status without seeing a login banner for every system. Is there a way to turn off the banner for non-interactive processes?
cpatter...how about a couple of example commands here...1 on when you want the banner and one when you dont want it...I'm not quite clear on what you need...
How do you turn off login banner for non-interactive ssh
Quote:
Originally Posted by chandramani_yadav
Hey , U cannot have both at a time . if u don't want the banner, just touch ".hushlogin"in the home directory of user . u won't get the banner .
I tried this and it doesn't work so I did some more investigation and found this about .hushlogin: "This file is used to suppress printing the last login time and /etc/motd, if PrintLastLog and PrintMotd, respectively, are enabled. It does not suppress printing of the banner specified by Banner".
If you have any other suggestions please let me know. Thanks!
ssh -q
------
this answered my problem. risk is important errors will also be supressed.
This bothered me as well as I work with a lot of non-interactive sctipts that have logging that gets filled up with banners. I've found that if I use the SSH LogLevel option, I don't get the banners anymore. The SSH options can be passed through scp as well.
Try:
ssh -o LogLevel=Error <rest of cmd>
or
scp -o LogLevel=Error <rest of cmd>
#!/bin/sh
# If there is a command given, it executes it with the users shell if no command
# given it outputs the contents of BANNER and starts the user's shell.
BANNER=/etc/issue.net
if [ -n "$SSH_ORIGINAL_COMMAND" ] ; then
$SHELL -c "$SSH_ORIGINAL_COMMAND"
else
cat $BANNER
$SHELL
fi
2. Changing the users shell
Set shell for user (change USERNAME to your user):
Create /usr/local/bin/shell-wrapper with the following content:
Code:
#!/bin/sh
# If there are no arguments, it outputs the contents of BANNER and starts the specified shell
# When there is an argument given it executes it with the specified shell
BANNER=/etc/issue.net
SHELL=/bin/sh
if [ $# -eq 0 ]; then
cat $BANNER
$SHELL
else
shift
$SHELL -c "$@"
fi
Thank you for posting even when the thread was old,
I am in a fix, on one hand I cannot disable bannering from sshd_config and on the other hand brtools doesnt like the banners, so I am looking for a way to disable it for this one brtool user and I feel I am getting closer to finding a solution, with your help of course!
can you please elaborate on SSH_ORIGINAL_COMMAND?
Last edited by ubix; 02-16-2013 at 10:33 AM.
Reason: typo
I believe koenpunt's solution only applies to the banner produced by the remote shell, and not banners produced by the remote ssh daemon. Shells should automatically produce no banner unless invoked for interactive use.
If the problem banner is what the shell outputs, then there's nothing you can do at the local end but parse over this unusual thing. One way to do that is run a command line that the first command outputs an odd sentinel string that you can scan locally for to show only what follows it.
If the problem banner is what the ssh daemon outputs, you might get away with redirecting stderr to /dev/null. If you need the stderr output from the command, redirect that to stdout.
If you want stdout and stderr to be kept separate from the remote command so you can store their output to separate files, this will be more complicated to do.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
