1. Introduction
In this tutorial, we’ll learn three different ways to create a custom welcome message for SSH sessions in Linux.
2. Using /etc/motd
MOTD (message of the day) is a message to all users after a successful login, immediately before the shell is started. Of course, this includes ssh connections.
To use MOTD, we just need to write our message in /etc/motd. Before we do that, first we need to ensure that motd is enabled in the SSH configuration. For this purpose, we have to set PrintMotd to yes in /etc/ssh/sshd_config:
PrintMotd yes
Now, we can easily edit /etc/motd with any editor and type our message in it:
$ vi /etc/motd
[...]
$ cat /etc/motd
=========================
-- Welcome to Baeldung --
=========================
To apply changes, we restart the sshd service :
$ sudo systemctl restart sshd
Finally, we can verify the message upon connecting to the server:
$ ssh 192.168.1.86
[email protected]'s password:
=========================
-- Welcome to Baeldung --
=========================
Last login: Wed Dec 7 10:39:00 2022 from 192.168.0.123
If we want to remove the last login message from the bottom, we can again edit /etc/ssh/sshd_config and change PrintLastLog to no:
PrintLastLog no
To disable showing the motd message, we can change PrintMotd to no, or use an alternative approach:
$ touch ~/.hushlogin
This command just makes an empty file named .hushlogin in the home directory of the user, so motd stops showing for them from now on.
3. Using banner
For this method, we’ll use a file just like motd, but for a banner. Banners are shown when an ssh session is connected and right before the authorization, so unauthorized users can see this type of message too. For this reason, we can use a banner to show global warnings about authorization.
First, we’ll create a file with a path that our SSH server has access to:
$ vi /etc/banner
Now, we can fill it with our desired message like the below:
================================================
------- Unauthorized access is prohibited ------
- Only authorized users can access this system -
================================================
Now, we need to ensure /etc/sshd/sshd_config contains the proper configuration:
Banner /etc/banner
The Banner statement sets the banner file to use.
After saving the config file, it’s time to restart sshd to apply our changes:
$ systemctl restart sshd
Let’s connect ssh with an unauthorized user and see happens:
$ ssh [email protected]
================================================
------ Unauthorized access is prohibited -------
- Only authorized users can access this system -
================================================
[email protected]: Permission denied
We can see our banner shows before authorization, although we’re not allowed to login as root.
4. Using a Script
We’ll write a Bash script to display our message and then place it in a specific path. The most important advantage of using a script is that we have the possibility to get and print various important data such as disk space, memory used, CPU usage, and others.
The contents of our bash script could be something like the below:
#!/bin/bash
echo "
=========================
-- Welcome to Baeldung --
=========================
"
This is a very simple script that just prints our earlier MOTD via the echo command. However, we can also get more useful information:
#!/bin/bash
hostName=`uname -n`
diskSpace=`df -Ph | grep xvda1 | awk '{print $4}' | tr -d '\n'`
memoryUsed=`free -t -m | grep Total | awk '{print $3" MB";}'`
echo "
===========================================
- Hostname............: $hostName
- Disk Space..........: $diskSpace
- Memory used.........: $memoryUsed
===========================================
"
In this script, xvda1 is the name of our main filesystem device. We get the filesystem names and disk spaces via df. Moreover, we use free to check memory usage.
Finally, let’s save this script to welcome.sh and make it executable:
$ chmod +x welcome.sh
After this, in Ubuntu, we can simply copy welcome.sh to /etc/update-motd.d/:
$ cp welcome.sh /etc/update-motd.d/
On the other hand, CentOS expects the file in /etc/profile.d:
$ cp welcome.sh /etc/profile.d/
After logging in again, we should be able to see the message.
5. Conclusion
In this article, we discussed a custom welcome message for SSH*.* We covered three ways with different usages. Moreover, we can use all of them together for different approaches.