
ONTAP Discussions

ssh banner

zimmerm

OnTap Admins.... where do I create the ssh-banner file?  So that a Banner is displayed for ssh logins?

Thanks!

1 ACCEPTED SOLUTION

olaf

It's a Filer, not a Unix machine, there's no /etc/init.d on it, only /etc/rc for network setup.

Restarting SSH would mean rebooting the Filer.

In any case, having the file should have immediate effect on the next connection, if it was supported.

As far as I know NetApp did use existing code from an sshd implementation for Data ONTAP, however even ONTAP 8 only supports those two files (issue and motd in /etc) according to its Docs.

According to:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel727/html/ontap/sysadmin/accessing/concept/c_oc_accs_access-telnet-banner.html

the "issue" is actually used as before-login banner for telnet, but for ssh it's displayed after login.

I suggest you file for an enhancement request.

Cheerio,

O.


9 REPLIES

loudymanschwab

Can't tell if this has been posted already. 

 

In order to create a banner on 7-mode that will display AFTER logging in, create a text file /etc/issue OR /etc/motd (if you create both, they are both shown after login).

 

In order to create a banner on 7-mode that will display BEFORE logging in, create a text file /etc/motd and set the option "ssh2.banner.enable" to on.  This data displays after logging on also.
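A client-side check for the before-login versus after-login distinction described above, added here as an example; it is not part of the original thread or NetApp's documentation. It assumes an OpenSSH client, and the function name `preauth_banner` and the target `admin@filer1` are illustrative.

```sh
#!/bin/sh
# Added example: does the server send a banner BEFORE authentication?
# Function name and target below are illustrative, not from the thread.

# OpenSSH client messages that share stderr with the banner.
CLIENT_NOISE='Permission denied \(|^Warning: Permanently added'

# preauth_banner USER@HOST
#   stdout: banner text
#   status: 0 banner sent, 1 no banner, 2 never reached authentication
#           (refused, timeout, unknown host key, algorithm mismatch)
preauth_banner() {
    # Only the "none" method is offered, so no password or key is sent.
    # BatchMode prevents prompts; the host key must already be known.
    pb_out=$(ssh -o BatchMode=yes -o PreferredAuthentications=none \
                 -o ConnectTimeout=5 "$1" true 2>&1 </dev/null) || true

    # A server that reached the auth phase rejects "none", and the client
    # then reports "Permission denied (...)". Without that line, nothing
    # the client printed can be trusted to be a banner.
    if ! printf '%s\n' "$pb_out" | grep -qF 'Permission denied ('; then
        printf '%s\n' "$pb_out" >&2
        return 2
    fi

    # What remains after dropping client diagnostics and blank lines is
    # the pre-auth banner. Post-login /etc/issue or /etc/motd text cannot
    # appear here because no session is ever opened.
    pb_out=$(printf '%s\n' "$pb_out" | grep -Ev "$CLIENT_NOISE" |
             sed '/^[[:space:]]*$/d')
    [ -n "$pb_out" ] || return 1
    printf '%s\n' "$pb_out"
}

# Usage: sh check_banner.sh admin@filer1
if [ "$#" -gt 0 ]; then
    preauth_banner "$1"
fi
```

Status 1 means the server accepted the connection but showed nothing before the password prompt, which is the behaviour the original poster describes for /etc/issue and /etc/motd alone.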

 

 

 

salindley

You're right that this isn't a Linux host, but there is a way to effectively restart services like "ssh" should you need to. I have used this on other services, don't think I've ever needed to do "ssh", but you'll get the idea. The command for ssh would be:

options ssh.enable off

options ssh.enable on

I've used this to flush and reload cached NIS information, as changed netgroups don't always "take" right away. Of course, change "ssh" to "nis" in the above, just to be clear.

zinovik_igor

You can create /etc/issue or /etc/motd with appropriate information.

fas1> wrfile -a /etc/issue 'Filer is in maintenance mode, AutoSupport is disabled, do not forget to enable it'

zimmerm

/etc/issue and /etc/motd are already there....

These messages display after you log in....

Still looking for the location or pointer that displays at the actual "ssh" prompt before you type in the password. A solution would be to have a link to the /etc/issue file, this is normally what we display on the Linux servers "Banner /etc/issue" as configured in the sshd_config file in Linux, but OnTap doesn't seem to work this way.

Thanks!

Mark

bogac_dagdevir

Hi Zimmerm,

Please try the following procedure:

Login as the root user; create your login banner file:

# vi /etc/ssh/sshd-banner

Append text:
Welcome to nixCraft Remote Login!

Open sshd configuration file /etc/sshd/sshd_config using a text editor:

# vi /etc/sshd/sshd_config

Add/edit the following line:

Banner /etc/ssh/sshd-banner

Save file and restart the sshd server:

# /etc/init.d/sshd restart

and try it

Regards


zimmerm

Yep... I got it. /etc/issue is the only thing that works.

I realize it's not a Linux/Unix system with start/stop scripts.

Thanks all..!

Mark

bogac_dagdevir

Sorry all, I am so new to NetApp and filer (actually never seen before). Looks like a Linux clone, I think similar application. Roadway soon and then I will be more efficient.

Regards

zimmerm

/etc/issue and /etc/motd files are in place, these messages display after the login. The ssh-banner message is supposed to come up before the login, before you type in the password. Does OnTap not support a "true" ssh-banner?
