Is it possible to have SSH display an "active" banner, by running a script to generate the banner each time, rather than read a static file

Asked Jul 03 '20 at 22:17

Active Jul 03 '20 at 22:17

Viewed 169 times

The sshd_config banner directive reads a file, but I want it to run a script, and ideally personalize the banner to the user... is this possible with ssh, or is there a way I can create a device file or fifo that runs a script, then have sshd read that for the banner.

sshd is able to do this with directives such as AuthorizedKeysCommand, and pass details about the user to the script, so there is some precedent. Also the daemon at least knows the username attempting to connect before displaying the banner.

asked Jul 03 '20 at 22:17

James Lewis

As far as I can see the banner is read once on sshd startup which means what you're looking for is impossible unless you're ready to patch sshd in order to make it do what you want from it. – Artem S. Tashkinov Jul 04 '20 at 06:27
You might be able to do something using `ForceCommand` to run a script that wrote another banner before running the login shell. – meuh Jul 04 '20 at 17:47
You can tie a command to a key, so connecting using that key will launch that command on the remote end. You could also use the users shell initialization files to put things to print there – Patrick Mevzek Jul 04 '20 at 19:01

Is it possible to have SSH display an "active" banner, by running a script to generate the banner each time, rather than read a static file

0 Answers0