Hi all,
I'm running Debian with openssh 1:5.1p1-5 and I've got an operational and legal /etc/issue.net but I'd like to make it depend on the incoming IP address. To be more specific, I'd like to achieve that no banner is shown when logging in from my company's IP range(s) or when logging in from home, but any unknown address (potential intruder) should be confronted with our legal warning.
Is this at all possible?
The server is located off-site and only has one ethernet device active (i.e. I cannot say eth0 is external, eth1 is internal)
Thanks in advance for any tips,
Chris

In my opinion if a banner is present for policy reasons then it should be shown always. Take for instance a change of network range. If one forgets to change the range exclusions in time then the banner might not be shown as required. That's not about me asking you to make a decision (as it isn't mine or yours to decide anyway), but about you asking your legal dept. what their stance would be on that?..

Hi unSpawn,
That a very valid point (and I have to say I agree) from a procedural point of view, but what I forgot to mention in my initial post was that the question came to me from a day-to-day nuisance of the backup script. I use scp to copy some backed up files to another server, so my inbox is filled with crontab's reports of it encountering the banner In other words, ideally I'd like to hide the banner when it's a cronjob copying from server a to b, hence making an ssh connection that requires displaying the banner.
Best,
Chris

Depending on your version of OpenSSHd scp and ssh may accept "-q" which should mute sshd_config Banner. Since you're running a cronjob nothing prohibits you from suffixing the jobs command line with something like ">/dev/null 2>&1" as well.