GitHub

Setting a Custom SSH Warning Banner

Create the Banner File

  1. Create a file to store your warning banner text. This file typically resides in /etc/issue.net .

nano /etc/issue.net

  1. Add your warning message. 

WARNING: Unauthorized access to this system is prohibited.

All activities are monitored and logged.

  1. Save and exit the editor.

Configure SSH Warning Banner

  1. Edit the OpenSSH server configuration file:

nano /etc/ssh/sshd_config

  1. Locate the Banner directive and set it to the path of your banner file:

Banner /etc/issue.net

  1. Save and exit the editor.

  2. Apply the changes by restarting the SSH service:

systemctl restart sshd

Test the Banner

Connect to the server using SSH and check if the banner appears:

ssh username@your-server-ip

The banner should display before the login prompt.

  • Ensure the banner file is readable by the SSH daemon. Use the following command to set permissions:

chmod 644 /etc/issue.net

  • Some systems might have a default banner in /etc/issue, but this is usually displayed for local logins. Use /etc/issue.net for remote SSH logins.

  • Avoid including sensitive or excessive details in the banner, as this information is visible to anyone attempting to connect.

Last updated

Was this helpful?