« Back to SSH

Configure a SSH welcome message or banner

Configure a Message of the Day

The MOTD is typically stored in /etc/motd or a related directory, such as /etc/update-motd.d or /etc/motd.d/. The related message or messages are then displayed after a user is logged in.

Another option is that the MOTD is displayed using the PAM configuration. To see if this is the case, perform a grep in your PAM configuration directory.

grep -ir motd /etc/pam.d | grep -v ":#"

If PAM is not used to define the Message of the Day, then it can be enabled via the SSH configuration.

Configuration changes to can be done in the main SSH configuration file, but it is better to add them to a file in the /etc/ssh/sshd_config.d directory. This way it will override the changes and don’t get overwritten when a package is receiving updates.

For example, edit /etc/ssh/sshd_config.d/99-custom.conf and add:

PrintMotd yes

To activate, test the changes and restart the SSH daemon. Let’s first test the new configuration.

sshd -t

All well? Then restart the SSH daemon.

systemctl restart ssh.service

Configure a banner

The MOTD is displayed after the user logged in. The banner on the other hand, is displayed before authentication.

Normally this type of banner is configured in /etc/issue.net for non-local logins. For example:

=====================================
  Unauthorized access is prohibited
=====================================
  * This system is monitored
  * Actions are logged
=====================================

After saving the file, set the new option to a custom SSH configuration file (see above).

Banner /etc/issue.net

Test the configuration.

sshd -t

Restart the SSH daemon after testing the configuration succeeded.

systemctl restart ssh.service

Then check if the file is properly configured.

sshd -T | grep banner

If the configuration setting is correct, then connect to the system via another session.

# ssh 192.168.1.250

=====================================
  Unauthorized access is prohibited
=====================================
  * This system is monitored
  * Actions are logged
=====================================
michael@192.168.1.250's password:

That’s it!

Relevant commands in this article

Like to learn more about the commands that were used in this article? Have a look, for some there is also a cheat sheet available.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon