How to Show Security Warning Message to SSH Unauthorized Users

[‘

n

SSH banner warnings are crucial when companies or organizations want to show a strict warning message to discourage unauthorized users from accessing a Linux server.

n

These SSH banner warning messages are displayed just before the SSH password prompt so that unauthorized users who are about to gain access are made aware of the aftermath of doing so. Typically, these warnings are legal consequences that unauthorized users can suffer should they decide to ahead with accessing the server.

n

Be cautious that a banner warning is by no means a way of blocking unauthorized users from logging in. The warning banner is simply a warning meant to warn unauthorized users from logging in. If you want to block unauthorized users from logging in, then additional SSH configurations are required.

n

The SSH banner contains some security warning information or general information. Following are some example SSH banner messages which I use on my Linux servers.

n

Example SSH Banner Message 1:

n

#################################################################rn#                   _    _           _   _                      #rn#                  / \  | | ___ _ __| |_| |                     #rn#                 / _ \ | |/ _ \ '__| __| |                     #rn#                / ___ \| |  __/ |  | |_|_|                     #rn#               /_/   \_\_|\___|_|   \__(_)                     #rn#                                                               #rn#  You are entering into a secured area! Your IP, Login Time,   #rn#   Username has been noted and has been sent to the server     #rn#                       administrator!                          #rn#   This service is restricted to authorized users only. All    #rn#            activities on this system are logged.              #rn#  Unauthorized access will be fully investigated and reported  #rn#        to the appropriate law enforcement agencies.           #rn#################################################################rn

n

Example SSH Banner Message 2:

n

ALERT! You are entering a secured area! Your IP, Login Time, and Username have been noted and have been sent to the server administrator!rnThis service is restricted to authorized users only. All activities on this system are logged.rnUnauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.rn

n

There are two ways to display messages one is using the issue.net file and the second one is using the MOTD file.

n

    n

  • /etc/issue.net – Display a warning banner message before the password login prompt.
  • n

  • /etc/motd – Display a welcome banner message after the user has logged in.
  • n

n

So, I strongly recommended all system administrators display banner messages before allowing users to log in to systems. Just follow below simple steps to enable SSH logging messages.

n

Display SSH Warning Message to Users Before Login

n

To display SSH warning messages to all unauthorized users, you need to access the /etc/issue.net file to display banner messages using your preferred text editor.

n

$ sudo vi /etc/issue.netrnOrrn$ sudo nano /etc/issue.netrn

n

Add the following banner sample message and save the file. You can add any custom banner message to this file.

n

#################################################################rn#                   _    _           _   _                      #rn#                  / \  | | ___ _ __| |_| |                     #rn#                 / _ \ | |/ _ \ '__| __| |                     #rn#                / ___ \| |  __/ |  | |_|_|                     #rn#               /_/   \_\_|\___|_|   \__(_)                     #rn#                                                               #rn#  You are entering into a secured area! Your IP, Login Time,   #rn#   Username has been noted and has been sent to the server     #rn#                       administrator!                          #rn#   This service is restricted to authorized users only. All    #rn#            activities on this system are logged.              #rn#  Unauthorized access will be fully investigated and reported  #rn#        to the appropriate law enforcement agencies.           #rn#################################################################rn

n

Next, open the /etc/ssh/sshd_config configuration file.

n

$ sudo vi /etc/ssh/sshd_configrnOrrn$ sudo nano /etc/ssh/sshd_configrn

n

Search for the word “Banner” and uncomment out the line and save the file.

n

#Banner /some/pathrn

n

It should be like this.

n

Banner /etc/issue.net (you can use any path you want)rn

n

SSH Banner Path
SSH Banner Path

n

Next, restart the SSH daemon to reflect new changes.

n

$ sudo systemctl restart sshdrnOrrn$ sudo service restart sshdrn

n

Now try to connect to the server you will see a banner message similar to below.

n

SSH Warning Banner Message
SSH Warning Banner Message

n

Display SSH Welcome Message to Users After Login

n

To display SSH welcome banner messages after login, we use /etc/motd file, which is used to display banner messages after login.

n

$ sudo vi /etc/motdrnOrrn$ sudo nano /etc/motdrn

n

Place the following welcome banner sample message and save the file.

n

###############################################################rn#                        TECMINT.COM                          #rn###############################################################rn#                  Welcome to TecMint.com!                    #rn#       All connections are monitored and recorded.           #rn#  Disconnect IMMEDIATELY if you are not an authorized user!  #rn###############################################################rn

n

Now again try to login into the server you will get both banner messages. See the screenshot attached below.

n

SSH Banner Messages
SSH Banner Messages

n

And that’s it. We hope you can now add your own custom SSH banner messages on your server to warn unauthorized users from accessing the system.

n

‘]