Giving yourself a quieter SSH login
Posted by Steve on Fri 24 Aug 2007 at 15:13
Usually when you connect to a server remotely, via ssh, you'll be shown the "message of the day", the last time you logged in to the machine, and other details. Here's a simple way to disable that behaviour.
By default the message of the day is read from the file /etc/motd. Displaying it is usually configured via PAM, with a line such as this in /etc/pam.d/ssh and /etc/pam.d/login:
# Prints the motd upon succesful login
session optional pam_motd.so
The obvious way to disable this behaviour is to remove this from the relevant PAM file(s). However doing this will remove the behaviour from all users of the machine - which might not be appreciated.
Instead we're going to look at the file /etc/login.defs - this file contains various settings which are used by different login programs.
By default you should see this:
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
This is our solution. If you want to have a "quiet" login then you may run this:
skx@vain:~$ touch ~/.hushlogin
To show the difference in behaviours here's an example of before and after (note that I'm using SSH keys here, so there is no password prompt):
Before creating .hushlogin
skx@vain:~$ ssh localhost
Linux steve 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Aug 24 09:38:52 2007 from localhost.localdomain
skx@vain:~$
After creating .hushlogin
skx@vain:~$ ssh localhost
skx@vain:~$
The downside to this solution is that you might miss a message saying something like this:
Last login: Wed Aug 22 16:00:10 2007 from l33t.hax0r.some.ips
(I did once detect that an account of mine had been compromised when I noticed the previous login location was utterly unlikely to have been mine ..)
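Because a hushed login also hides the "Last login" line, it is useful to know which accounts are affected. The script below is an added example, not part of the original article: it applies the HUSHLOGIN_FILE rule quoted above to every entry of a passwd-format file. The function names are illustrative, and it assumes that the last uncommented HUSHLOGIN_FILE line is the active one and that a full-pathname list file holds one entry per line.

```shell
#!/bin/sh
# Added example (not from the article): list accounts whose login is hushed,
# following the HUSHLOGIN_FILE rule quoted from /etc/login.defs.
# Function names are illustrative. Assumptions: the last uncommented
# HUSHLOGIN_FILE line is the active one, and a full-pathname list file
# holds one user name or shell per line.

# hush_setting DEFS -> print the active HUSHLOGIN_FILE value (empty if unset)
hush_setting() {
    awk '$1 == "HUSHLOGIN_FILE" { v = $2 } END { print v }' "$1"
}

# is_hushed DEFS USER HOME SHELL -> exit status 0 if that login is hushed
is_hushed() {
    defs=$1 user=$2 home=$3 shell=$4
    hushfile=$(hush_setting "$defs")
    [ -n "$hushfile" ] || return 1      # option not defined: nothing is hushed
    case $hushfile in
        /*) # Full pathname: hushed if the user's name or shell is listed.
            [ -r "$hushfile" ] || return 1
            grep -Fxq -e "$user" -e "$shell" "$hushfile" ;;
        *)  # Not a full pathname: hushed if the file exists in the home dir.
            [ -e "$home/$hushfile" ] ;;
    esac
}

# hushed_users DEFS PASSWD -> print one hushed account name per line
hushed_users() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        if is_hushed "$1" "$name" "$home" "$shell"; then
            printf '%s\n' "$name"
        fi
    done < "$2"
    return 0
}

# Typical use: sh hushed.sh /etc/login.defs /etc/passwd
if [ "$#" -eq 2 ]; then
    hushed_users "$1" "$2"
fi
```

The accounts it prints will not see the "Last login" line when they log in, so their login history has to be reviewed another way.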
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Run this:
cp /etc/motd /etc/motd.header
Then create /etc/cron.hourly/motd with something like this in it:
#!/bin/sh
cp /etc/motd.header /etc/motd
/usr/games/fortune >> /etc/motd
That should do the job ..
[ Parent | Reply to this comment ]
#!/bin/sh
cp /etc/motd.header /etc/motd.new
/usr/games/fortune >> /etc/motd.new
mv /etc/motd.new /etc/motd
#EOF
This way the new motd file is put in place atomically so there is no race condition.
(yes I'm bored!)
Anon
[ Parent | Reply to this comment ]
Unless, of course, /usr/games/fortune executes for more than an hour ... ;-)
(This is Saturday -- I'm bored too)
-Martin
[ Parent | Reply to this comment ]
But where exactly is the (theoretical?) race condition in the first script, and how does the second script solve this?
Thanks!
-Lucas
[ Parent | Reply to this comment ]
If you want to run only a few commands remotely, you can just type #ssh user@host bash
In this case, no virtual terminal will be created, so the "w" command will not disclose you.
[ Parent | Reply to this comment ]
simply
PrintMotd no
in /etc/ssh/sshd_config
polarizers 2 cents
[ Parent | Reply to this comment ]
man faillog
man last
man lastb
man lastlog
man chklastlog
(Part of chkrootkit.)
[ Parent | Reply to this comment ]
Cheers,
Rod Ross
[ Parent | Reply to this comment ]