SSH Banner Text (Raspbian)

Default Raspbian Buster SSH banner

When you connect to a system via SSH, a banner of text is displayed. Today I am going to look at changing the default SSH banner text on my Raspberry Pi 4 (Raspbian Buster).

The default Raspbian Buster SSH banner looks like this:

Default Raspbian Buster SSH banner

This banner contains:

  • Information about the system via Pluggable Authentication Modules (PAM)
  • The MOTD (Message Of The Day) text
  • Last login details

This can all be changed / customised to show other details (or no details).

A modified SSH banner

Pluggable Authentication Module (PAM)

PAM handles the system information that is displayed in the SSH banner after the SSH logon.

The command cat /run/motd.dynamic displays the dynamic data (data that can change) shown in the banner.

cat /run/motd.dynamic

This dynamic file is actually created by PAM running bash files from /etc/update-motd.d

For example, my /etc/update-motd.d folder currently contains one bash file called 10-uname, which contains a shebang line and a command that outputs the technical data seen at login.

10-uname file

To add more data to the banner we need to create bash scripts to carry out the commands. If you have navigated to the /etc/update-motd.d folder this can be done with:

sudo nano XX-XXXX

If you're not in the /etc/update-motd.d folder, use sudo nano /etc/update-motd.d/XX-XXXX

with XX-XXXX being replaced with a number and then a name, e.g. sudo nano 20-uptime

The files are read in number order and do not need a file extension on the end of them.

Example uptime bash script

Once the file has been created and saved it needs to be made executable using the command:

sudo chmod a+x /etc/update-motd.d/*

Using PAM to display different information
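
The audit script below is an added example, not part of the original post. It walks /etc/update-motd.d in run order and flags files that are not executable, are writable by group or others, are not owned by root, or have a name outside the letters, digits, underscores and hyphens that run-parts accepts by default. The function names and the MOTD_DIR and MOTD_OWNER variables are made up for the example, and it assumes PAM runs these files as root through run-parts.

```shell
#!/bin/sh
# Added example (not from the original post): audit the login banner scripts.
# Assumption: PAM runs every file in this folder as root via run-parts.
MOTD_DIR="${MOTD_DIR:-/etc/update-motd.d}"
MOTD_OWNER="${MOTD_OWNER:-root}"   # hypothetical knob: expected file owner

# Print the problems found with one file, space-separated; empty means clean.
check_script() {
    f="$1"; name=$(basename "$f"); problems=""
    # run-parts' default rule: names made only of letters, digits, _ and -
    # (so 20-uptime is accepted, 20-uptime.sh is not).
    case "$name" in
        *[!A-Za-z0-9_-]*) problems="$problems bad-name" ;;
    esac
    [ -x "$f" ] || problems="$problems not-executable"
    owner=$(stat -c '%U' "$f"); mode=$(stat -c '%a' "$f")
    [ "$owner" = "$MOTD_OWNER" ] || problems="$problems owner-$owner"
    # 022 masks the group-write and other-write permission bits.
    [ $(( 0$mode & 022 )) -eq 0 ] || problems="$problems group-or-world-writable"
    echo "${problems# }"
}

# Report on each file in lexical (number) order; return 1 if any has a problem.
audit_motd_dir() {
    status=0
    for f in "$MOTD_DIR"/*; do
        [ -f "$f" ] || continue
        result=$(check_script "$f")
        if [ -n "$result" ]; then
            echo "WARN $(basename "$f"): $result"; status=1
        else
            echo "OK   $(basename "$f")"
        fi
    done
    return "$status"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "audit" ]; then audit_motd_dir; fi
```

Saved under a name of your choice, it can be run with the single argument audit; a non-zero exit status means at least one file needs attention.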

Message Of The Day (MOTD)

Using cat to read /etc/motd

The MOTD file can be found at /etc/motd and can be quickly read using the command:

cat /etc/motd

The file can be edited using the command:

sudo nano /etc/motd

Using nano to edit /etc/motd

Please note, other editors (such as Vi or Vim) could be used instead of Nano if you prefer them. The MOTD file can contain whatever text you want. After editing the file, save it, reboot and see what is displayed after connecting via SSH.

MOTD after being modified

Last Login

The last login information can be turned off or on via the /etc/ssh/sshd_config file. To do this, run:

sudo nano /etc/ssh/sshd_config

and scroll down to the line that reads:

#PrintLastLog

Editing the sshd_config file

Uncomment the line by deleting the # and then type either yes (to display the last login information) or no (to hide it).

SSH logon without the last login data

This post forms part of a series where I am looking at SSH. Want to know how to change the default SSH port? Or how to enable a firewall?