Solved: ssh banner

zimmerm · ‎2010-05-24

OnTap Admins.... where do I create the ssh-banner file? So that a Banner is displayed for ssh logins?

Thanks!

olaf · ‎2010-06-04

It's a Filer, not a Unix machine, there's no /etc/init.d on it, only /etc/rc for network setup.

Restarting SSH would mean rebooting the Filer.

In any case, having the file should have immedate effect on the next connection, if it was supported.

As far as I know NetApp did use existing code from an sshd implementation for Data ONTAP,

however even ONTAP 8 only supports those two files (issue and motd in /etc) according to its Docs.

According to:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel727/html/ontap/sysadmin/accessing/concept/c_oc_accs_access-telnet-banner.html

the "issue" is actually used as before-login banner for telnet, but for ssh it's displayed after login.

I suggest you file for an enhancement request.

Cheerio,

O.

View solution in original post

loudymanschwab · ‎2014-10-31

Can't tell if this has been posted already.

In order to create a banner on 7-mode that will display AFTER logging in, create a text file /etc/issue OR /etc/motd (if you create both, they are both shown after login).

In order to create a banner on 7-mode that will disply BEFORE logging in, create a text file /etc/motd and set the option "ssh2.banner.enable" to on. This data displays after logging on also.

salindley · ‎2010-07-08

You're right this this isn't a Linux host, but there is a way to effectively restart services like "ssh" should you need to. I have used this on other services, don't think I've ever needed to do "ssh", but you'll get the idea. The command for ssh would be:

options ssh.enable off

options ssh.enable on

I've used this to flush and reload cached NIS information, as changed netgroups don't always "take" right away. Of course, change "ssh" to "nis" in the above, just to be clear.

zinovik_igor · ‎2010-05-24

You can create /etc/issue or /etc/motd with appropriate information.

fas1> wrfile -a /etc/issue 'Filer is in maintenance mode, AutoSupport is disabled, do not forget to enable it'

zimmerm · ‎2010-05-24

/etc/issue and /etc/motd are already there....

These messages display after you log in....

Still looking for the location or pointer that displays at the actual

"ssh" prompt before you type in the password. A solution would be to

have a link to the /etc/isuue file, this is normally what we display on

the Linux servers "Banner /etc/issue" as configured in the sshd_config

file in Linux, but OnTap doesn't seem to work this way.

Thanks!

Mark

bogac_dagdevir · ‎2010-06-04

Hi Zimmerm,

Please try following procedure,

Login as the root user; create your login banner file:

# vi /etc/ssh/sshd-banner

Append text:
Welcome to nixCraft Remote Login!

Open sshd configuration file /etc/sshd/sshd_config using a text editor:

# vi /etc/sshd/sshd_config

Add/edit the following line:

Banner /etc/ssh/sshd-banner

Save file and restart the sshd server:

# /etc/init.d/sshd restart

and try it

Regards

olaf · ‎2010-06-04

It's a Filer, not a Unix machine, there's no /etc/init.d on it, only /etc/rc for network setup.

Restarting SSH would mean rebooting the Filer.

In any case, having the file should have immedate effect on the next connection, if it was supported.

As far as I know NetApp did use existing code from an sshd implementation for Data ONTAP,

however even ONTAP 8 only supports those two files (issue and motd in /etc) according to its Docs.

According to:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel727/html/ontap/sysadmin/accessing/concept/c_oc_accs_access-telnet-banner.html

the "issue" is actually used as before-login banner for telnet, but for ssh it's displayed after login.

I suggest you file for an enhancement request.

Cheerio,

O.

View solution in original post

zimmerm · ‎2010-06-04

Yep... I got it. /etc/issue is the only thing that works.

I realize it's not a Linux/Unix system with start/stop scripts.

Thanks all..!

Mark

bogac_dagdevir · ‎2010-06-04

sorry all i am so new on Netapp and filer (actually never seen before).Looks like a linux clone, i think similar application. Roadway soon and then I will be more efficient.

Regards

zimmerm · ‎2010-05-24

/etc/issue and /etc/motd files are in place, these messages display after the login. The ssh-banner messager suppose to come up before the login, before you type in the password. Does OnTap not support a "true" ssh-banner?

ssh banner

We're on Discord, are you?

Meet Explore, NetApp’s digital sales platform