When you connect to a system via SSH a banner of text is displayed. Today I am going to look at changing the default SSH banner text on my Raspberry Pi 4 (Raspbian Buster).
The default Raspbian Buster SSH banner looks like this:
This banner contains:
- Information about the system via Pluggable Authentication Modules (PAM)
- The MOTD (Message Of The Day) text
- Last login details
This can all be changed / customised to show other details (or no details).
Pluggable Authentication Module (PAM)
PAM handles the system information that is displayed in the SSH banner after the SSH logon.
Using the command cat /run/motd.dynamic will display the dynamic (it can change) data that shows in the banner.
This dynamic file is actually created by PAMS running bash files from /etc/update-motd.d
For example my current /etc/update-motd.d folder currently contains one bash file called 10-uname which contains a shebang line and a command which outputs the technical data seen at login.
To add more data to the banner we need to create bash scripts to carry out the commands. If you have navigated to the /etc/update-motd.d folder this can be done with:
sudo nano XX-XXXX
If your not in the /etc/update-motd.d folder use sudo nano /etc/update-motd.d/XX-XXXX
with XX-XXXX being replaced with a number and then a name, e.g. sudo nano 20-uptime
The files are read in number order and do not need a file extension on the end of them.
Once the file has been created and saved it needs to be made executable using the command:
chmod a+x /etc/update-motd.d/*
Message Of The Day (MOTD)
The MOTD file can be found at /etc/motd can be briefly read using the command:
The file can be edited using the command:
sudo nano /etc/motd
Please note, other editors (such as Vi or Vim) could be used instead of Nano if you prefer them. The MOTD file can contain whatever text you want. After editing the file, save it, reboot and see what is displayed after connecting via SSH.
The login information can be turned off/on via the /etc/ssh/sshd_config file, to do this:
sudo nano /etc/ssh/sshd_config
and scroll down to the line that reads:
Uncomment the line by deleting the # and then type either yes (to display) or no (to hide) the last login information.