Adding pre-login and post-login messages for Linux ssh
Written by Brad on 7:55 am
With a lot of port scanners and people attempting brute forcing, I add basic login messages to my Linux servers so I can hopefully deter them from trying to run DDOS attacks against my servers. Not always effective, but worth a shot. Plus, if your organization requires legal messages for logins, this is pretty handy too. Here goes…
Pre-Login messages
Pre-login messages are handled by the ssh server and are shown after the user enters a username, but before being prompted for a password. To add a pre-login message, edit sshd_config and look for the “Banner” option in the config file. This option allows you to specify a banner message file that is shown during the login process. For my example, I used /etc/ssh/ssh_banner as the file. Within this file, I added a message that states my servers are monitored, logged, and illegal activity is reported. The default option is not to show any message.
Here’s the list of commands I used…
# vi /etc/ssh/sshd_config
Banner /etc/ssh/ssh_banner (save and exit)
# vi /etc/ssh/ssh_banner
This server is monitored and all illegal activity is logged and reported! (save and exit)
# /etc/init.d/sshd restart
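As an added example (not part of the original post), this shell check reports which banner an sshd_config would actually enable and whether the banner file is usable. The function names `effective_banner` and `check_banner`, the optional root-prefix argument, and the sample config are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the pre-login banner an sshd_config would enable.

# Print the effective global Banner value. sshd uses the first value it
# reads for a keyword, keywords are case-insensitive, and settings after
# a Match line are conditional, so parsing stops there.
effective_banner() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"  { exit }
        tolower($1) == "banner" { print $2; found = 1; exit }
        END { if (!found) print "none" }   # default: no banner shown
    ' "$1"
}

# Return 0 if a banner is set and its file is non-empty, 1 if no banner
# is configured, 2 if the file is missing or empty.
# $2 is an optional root prefix (hypothetical, for checking a staged copy).
check_banner() {
    banner=$(effective_banner "$1")
    case "$banner" in
        [Nn][Oo][Nn][Ee]) echo "no banner configured"; return 1 ;;
    esac
    if [ ! -s "${2:-}$banner" ]; then
        echo "banner file missing or empty: $banner"; return 2
    fi
    echo "banner ok: $banner"
}

# Constructed sample: a commented-out Banner, the active one in lower
# case, a later duplicate sshd would ignore, and a Match override.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/etc/ssh"
cat > "$demo_dir/sshd_config" <<'EOF'
#Banner none
Port 22
banner /etc/ssh/ssh_banner
Banner /etc/issue.net
Match User guest
    Banner none
EOF
echo 'This server is monitored and all illegal activity is logged and reported!' \
    > "$demo_dir/etc/ssh/ssh_banner"
check_banner "$demo_dir/sshd_config" "$demo_dir" || true
```

On a live server, call `check_banner /etc/ssh/sshd_config` with no prefix; running `sshd -t` before the restart also catches syntax errors in the edited config.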
Post-login Message
Post-login messages are messages shown after the full login procedure. This can be used for alerts to the user (like password expirations) or additional legal notices. These are a little easier to work with and will probably be a better route to go. This message file is /etc/motd and can be edited on the fly without having to restart ssh since ssh will always use it. Here’s the list of commands I used…
# vi /etc/motd
Welcome to my server! All activity is logged and monitored! (save and exit)
** My servers are mostly Fedora, CentOS, and Red Hat and this worked for all of them. But any ssh server over version 2.0 should allow these methods to show login messages! **
