For many years I’ve been editing /etc/motd warning unwelcome visitors that they shouldn’t be on my systems. Unfortunately, by the time they see the motd they’re already on my system! SSH has an option to display a banner before a visitor is prompted for a password! Not only is this feature great for warning unwelcome visitors they should stay away… It can also be used as acknowledgment of an acceptable use policy! They have to read the banner before they login!

So what do I have to do to make this work? Read on!

First login into the server you wish to set up the banner for. The configuration files for sshd are all located in /etc! Next you’ll need to create the file that contains the disclaimer. In my case in named it ssh_banner.

Open you favorite text editor and create your login banner file:

sudo vi /etc/sshd_banner

Edit the file however you wish. I have the following:

Unauthorized Access Prohibited!
Authorized users are bound by randomdog.net’s acceptable use policy!

Next you’re going to have to edit the ssd_config file.

sudo vi /etc/sshd_config

The line you are looking for is:

# no default banner path
# Banner path/to/file

Edit it to read

# no default banner path
Banner /etc/sshd_banner

The last thing you need to do is restart the sshd process.
This can either be done by using ServerAdmin Select the server you were working on… then under the settings tab deselect Remote Login (SSH) save and then re-enable.
or on OS X client go to Sharing… then deselect Remote Login save and then re-enable.

You should now see something like this:

columbia:~ billheese$ ssh billheese@10.0.10.10
Unauthorized Access Prohibited!
Authorized users are bound by randomdog.net’s acceptable use policy!
Password: