SSH Banner Text (Raspbian)

Default Raspbian Buster SSH banner

When you connect to a system via SSH a banner of text is displayed. Today I am going to look at changing the default SSH banner text on my Raspberry Pi 4 (Raspbian Buster).

The default Raspbian Buster SSH banner looks like this:

Default Raspbian Buster SSH banner
Default Raspbian Buster SSH banner

This banner contains:

  • Information about the system via Pluggable Authentication Modules (PAM)
  • The MOTD (Message Of The Day) text
  • Last login details

This can all be changed / customised to show other details (or no details).

A modified SSH banner
A modified SSH banner

Pluggable Authentication Module (PAM)

PAM handles the system information that is displayed in the SSH banner after the SSH logon.

Using the command cat /run/motd.dynamic will display the dynamic (it can change) data that shows in the banner.

geektechstuff_motd_raspbian_5
cat /run/motd.dynamic

This dynamic file is actually created by PAMS running bash files from /etc/update-motd.d

For example my current /etc/update-motd.d folder currently contains one bash file called 10-uname which contains a shebang line and a command which outputs the technical data seen at login.

geektechstuff_motd_raspbian_8
10-uname file

To add more data to the banner we need to create bash scripts to carry out the commands. If you have navigated to the /etc/update-motd.d folder this can be done with:

sudo nano XX-XXXX

If your not in the /etc/update-motd.d folder use sudo nano /etc/update-motd.d/XX-XXXX

with XX-XXXX being replaced with a number and then a name, e.g. sudo nano 20-uptime

The files are read in number order and do not need a file extension on the end of them.

Example uptime bash script
Example uptime bash script

Once the file has been created and saved it needs to be made executable using the command:

chmod a+x /etc/update-motd.d/*

Using PAMS to display different information
Using PAMS to display different information

Message Of The Day (MOTD)

geektechstuff_motd_raspbian_2
Using cat to read /etc/motd

The MOTD file can be found at /etc/motd can be briefly read using the command:

cat /etc/motd

The file can be edited using the command:

sudo nano /etc/motd

Using nano to edit /etc/motd
Using nano to edit /etc/motd

Please note, other editors (such as Vi or Vim) could be used instead of Nano if you prefer them. The MOTD file can contain whatever text you want. After editing the file, save it, reboot and see what is displayed after connecting via SSH.

MOTD after being modified
MOTD after being modified

Last Login

The login information can be turned off/on via the /etc/ssh/sshd_config file, to do this:

sudo nano /etc/ssh/sshd_config

and scroll down to the line that reads:

#PrintLastLog

geektechstuff_motd_raspbian_6
Editing the sshd_config file

Uncomment the line by deleting the # and then type either yes (to display) or no (to hide) the last login information.

geektechstuff_motd_raspbian_7
SSH logon without the last login data

This post forms part of a series where I am looking at SSH. Want to know how to change the default SSH port? Or how to enable a firewall?

 

 

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.