System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

How to arrange that sftp user won't see the message in /etc/issue ?

 
SOLVED
Go to solution
WW269587
Occasional Visitor

How to arrange that sftp user won't see the message in /etc/issue ?

How can I arrange that the message in /etc/issue is not display'd when a sftp users logs in ?

PS .hushlogin does not work ( only for /etc/motd

ssh version used : HP-UX Secure Shell-A.04.40.011, HP-UX Secure Shell version
5 REPLIES
Jozef_Novak
Respected Contributor

Re: How to arrange that sftp user won't see the message in /etc/issue ?

Hello,

do you use dedicated sftp users ? If yes, you can modify the code displaying the content of /etc/issue somehow like this:

if [ $LOGNAME != sftp_user] then cat /etc/issue


J.
Mel Burslan
Honored Contributor
Solution

Re: How to arrange that sftp user won't see the message in /etc/issue ?

Characteristic of displaying the /etc/issue is a function of how sshd runs on the host you are connecting to via sftp

on the server side, you need to edit /opt/ssh/etc/sshd_config file and comment out the line looking like this :

Banner /etc/issue

then stop and restart sshd using

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

but keep in mind that people connecting via ssh will not be able to see the /etc/issue as well. If this is accaptable, go ahead and modify it.
________________________________
UNIX because I majored in cryptology...
WW269587
Occasional Visitor

Re: How to arrange that sftp user won't see the message in /etc/issue ?

Hi Mel ,

thanks for your reply ..
The problem is that we need that banner info for all users using ssh . ( Needed for security audits ) . Only a couple of sftp users doesn't want to see this banner info.
Mel Burslan
Honored Contributor

Re: How to arrange that sftp user won't see the message in /etc/issue ?

Since it is a pre-login information, there is no way that you can modify its display behavior by profile and/or .*rc scripts to the best that I know. Display or not display is under the con trol of the sshd on the server side and as you can guess, ssh, scp and sftp use the same sshd daemon for connecting from clients to this server. So, displaying it for one application and not for the other is not something that is readily available by modifying something in the config file.

One thing comes to mind, you can opt to run another sshd bound to another obscure port of your choosing with a different config file and you can distribute a wrapper script for the sftp users which will execute the sftp command with the port number of your choosing. Otherwise, they have to live with the display of the /etc/issue.
________________________________
UNIX because I majored in cryptology...
WW269587
Occasional Visitor

Re: How to arrange that sftp user won't see the message in /etc/issue ?

Hi Mel ,

Again thanks for this info , I was already afraid of this answer .
I think the user will have to except the last line you wrote .

Thanks , nice weekend !