Traditional unix systems display /etc/motd after the user is successfully authenticated and before the user's shell is invoked. On modern systems, this is done by the pam_motd PAM module, which may be configured in /etc/pam.conf or /etc/pam.d/* to display a different file.
The ssh server itself may be configured to print /etc/motd if the PrintMotd option is not turned off in /etc/sshd_config. It may also print the time of the previous login if PrintLastLog is not turned off.
Another traditional message might tell you whether "You have new mail" or "You have mail". On systems with PAM, this is done by the pam_mail module. Some shells might print a message about available mail.
After the user's shell is launched, the user's startup files may print additional messages. For an interactive login, if the user's login shell is a Bourne-style shell, look in /etc/profile, ~/.profile, plus ~/.bash_profile and ~/.bash_login for bash. For an interactive login to zsh, look in /etc/zprofile, /etc/zlogin, /etc/zshrc, ~/.zprofile, ~/.zlogin and ~/.zshrc. For an interactive login to csh, look in /etc/csh.login and ~/.login.
If the user's login shell is bash and this is a non-interactive login, then bash executes ~/.bashrc (which is really odd, since ~/.bashrc is executed for interactive shells only if the shell is not a login shell). This can be a source of trouble; I recommend including the following snippet at the top of ~/.bashrc to bail out if the shell is not interactive:
if [[ $- != *i* ]]; then return; fi
Mention #1 - LinuxFromScratch project
One place that it's mentioned is in the Linux From Scratch project. I found this page titled: /etc/issue (Customizing your logon).
excerpt
The /etc/issue file is a plain text file which will also accept certain Escape sequences (see below) in order to insert information about the system. There is also the file issue.net which can be used when logging on remotely. ssh however, will only use it if you set the option in the configuration file and will also not interpret the escape sequences shown below.
Mention #2 - SecurityFocus Forum post
As additional evidence that this is not possible there is this excerpt from a forum post titled: Re: ssh and banners Aug 18 2009 01:20PM, that discusses the function that implements the printing of the banner in OpenSSH.
excerpt
After doing some more digging, I found that there is a function in the ssh
source (specifically sshconnect2.c) called "input_userauth_banner" that
displays the banner from the server. The text of the banner is now being
filtered through another function called "strnvis" that encodes non-printable
ascii characters as printable text, ie: octal codes. This is why the ansi
escape sequence is displayed as "\033[". The documentation for strnvis
doesn't mention any security issues, only "unexpected behavior" that could be
associated with non-printable characters.
Mention #3 - OpenSSH Release Notes + RFC's
Lastly I encourage you to look through the release notes for OpenSSH. They're here as well as the RFC's that govern the SSH v1 & v2 specifications.
This RFC covers some of the behavior of the Banner feature. This section "5.4. Banner Message" covers the details of why this isn't allowed. This paragraph is where it says this is explicitly disallowed.
excerpt
If the 'message' string is displayed, control character filtering, discussed in [SSH-ARCH], SHOULD be used to avoid attacks by sending terminal control characters.
Additional references (per @hildred)
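The control-character filtering that the forum excerpt and RFC section 5.4 describe above, as an added example (not OpenSSH's code and not part of the original answers): a simplified stand-in for the strnvis step that rewrites non-printable bytes as octal text before a banner reaches the terminal. The name banner_encode and the sample banner are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample banner: colour escape sequences and a carriage return. */
static const char sample_banner[] = "\033[31mAuthorized use only\033[0m\r\n";

/*
 * banner_encode (hypothetical helper, not OpenSSH code): copy src to dst,
 * keeping printable ASCII, newline and tab, and writing every other byte as
 * a backslash plus three octal digits. A literal backslash is passed through,
 * so the result is for display only and is not reversible.
 * Returns the encoded length, or (size_t)-1 if dst is too small; whenever
 * dstlen is at least 1, dst is left NUL-terminated.
 */
size_t banner_encode(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    size_t o = 0;

    if (dstlen == 0)
        return (size_t)-1;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        int safe = (c >= 0x20 && c <= 0x7e) || c == '\n' || c == '\t';
        size_t need = safe ? 1 : 4;

        if (o + need + 1 > dstlen) {    /* +1 keeps room for the NUL */
            dst[o] = '\0';
            return (size_t)-1;
        }
        if (safe) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '\\';
            dst[o++] = (char)('0' + ((c >> 6) & 7));
            dst[o++] = (char)('0' + ((c >> 3) & 7));
            dst[o++] = (char)('0' + (c & 7));
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    char out[4 * sizeof sample_banner];  /* worst case: every byte expands to 4 */

    if (banner_encode(out, sizeof out, sample_banner, sizeof sample_banner - 1) != (size_t)-1)
        fputs(out, stdout);
    return 0;
}
```

Run on the sample, the ESC bytes come out as the literal text \033, which matches the "\033[" display the forum excerpt reports.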
Best Answer
Use the -q (quiet) option to ssh and scp, to suppress the /etc/motd (and related) messages.
While Banner might seem to be related, it is not. Refer to sshd_config manual:
You could use PrintMotd (in sshd_config):
but in scripting, I simply use the -q option (requiring less configuration of the server).