# SSH login + message

## Overkill

Hey guys,

I downloaded linux-logo so I can have a ascii-art logo of gentoo in my

login screen.

Now I want to that logo to be displayed when someone logs in through

SSH. I know it uses issue.net, but this is displayed after the user

enters his username.  I want it to display before that.

Can this be achieved?

Thx!

----------

## meowsqueak

Is this what you want?

```
$ ssh localhost

Private box, keep out, no trespassing, go away, you have been warned!

jbloggs@localhost's password:
```

Part of sshd_config:

```
   Banner /etc/ssh/sshd_login.txt
```

----------

## Overkill

Thx for your reply.

The code you posted is what I already have, but when I login using putty,

I first have to enter a username, and then the banner gets displayed.

Can I change this order (in putty or sshd)?

Thx

----------

## meowsqueak

Perhaps it's a putty thing - what if you try sshing to the same box from a real linux box?

----------

## DumbAss

Hi,

Do you guys now how te make the baner dynamic? For example how to show the uptime?

----------

## smart

/etc/issue ?

----------

## meowsqueak

/etc/issue is displayed AFTER you log in I think. As for dynamic banners - you could use a cron job or something to update the file periodically. But I don't think you can have anything execute on a connection attempt unless you hack some code. Doesn't sound very safe however.

----------

## smart

<cite>

/etc/issue is displayed AFTER you log in I think.

</cite>

Technology is different from religion in that on the simple things it offers reliable, first hand sources:

man issue

You think wrong.

If you want something sent, just on a connection trial without any logic behind, have inetd or xinetd installed and configure it run a "cat /myfile" kind of thing (like "Hi friend, you'd obviously like to use telnet, but we don't. If you're keen, try ssh !"). You're done.

----------

## meowsqueak

I was actually thinking of /etc/motd, so I accept your correction.

Would that inetd technique work on a connection attempt to a port that actually has a service running on it (or will do once one is spawned)? Also, will ssh display plain text from the network connection to the user?

----------

## smart

Nope. That suggestion is pretty much just good for that specific case. It's too simple so to say.

If the ports in using in loistening mode, no other thing will be able to tap on it and if you don't proxy it, you could also not use that to chain things up. Like first doing the cat and then handing over to telnetd for example. You'd need sth. in the middle.

ssh would probably just come back with a protocol fault or sth. Would be an unusual implementation that gives you debug mode per default.

/etc/issue will probably also not work for ssh. i was more concerned by the ease how people tend toward presenting plain guesses as near facts even if they themselves could easily verify them briefly to make sure, or if the issue is as critical as going to war. When you feel unsure, verify yourself before teaching others wrong things.

I will try to figure the appropriate solution for ssh.

----------

## smart

You can define a file yourself using the "Banner" Parameter in "/etc/ssh/sshd_config".

but that's not what was wanted.

repeat...

In any case this thread has become a bit spread...

reg. Overkill

I think the "Banner" option is what you want for ssh. For putty "/etc/issue" might do the trick (i don't use putty), so maybe do both at the same time and point "Banner" to /etc/issue. But give me a hint. How do you get ssh to give you a prompt for username from the side of the server ?

reg. DumbAss

The only mechanism i could think of being able to intercept during the login process would be PAM. Possibly PAM can do the trick for you, let us know if oyu found sth.Last edited by smart on Wed Feb 11, 2004 11:53 am; edited 2 times in total

----------

## DumbAss

Thanks for your replies but /etc/issue isn't displayed after I logged in with ssh. /etc/motd is, but that one isn't dynamica too.

Maybe other suggestions?

----------

## DumbAss

Come on anyone? There must be someone who knows?

----------

## smart

<repeat>

eg. DumbAss

The only mechanism i could think of being able to intercept during the login process would be PAM. Possibly PAM can do the trick for you, let us know if oyu found sth.

</repeat>

What have you come up with ?

In the last 2 minutes i found these to investigate for possible use:

- pam_issue

- pam_motd

Not too magic.

Your turn.

----------

