The banner option mentioned below has seemed to satisfy. I haven't had time, yet, to test the /issue option. Hope to get that done this weekend. Hopefully, that will show the warning message on the console login page. Although no one ever gets in that room but the people who already have the password anyway. Can't get that to fly, though. Have any of you tried to run the cis-scan tool yet? That's what the security guy is having me run. I think we got it off the NIST website. If there's interest, I'll find the link and post it here. Kelley -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Wayne Betts Sent: Wednesday, January 25, 2006 4:48 PM To: General Red Hat Linux discussion list Subject: Re: Login Warning Apparently Kelley Coleman (Kelley.Coleman@xxxxxx) wrote: >I've been tasked to get login warnings on our Linux systems. On the >console, I need a login warning to display on the same screen or on an >immediately prior screen where the username and password would be >entered. > >I also need to display the same or similar warning on all ssh and sftp >connections. I've found where I can get the warnings to show AFTER >someone has connected, but not before. Seems a little counter-intuitive >to me, but I'm told by our security officer that it is a requirement. > >Any thoughts? > >Kelley Coleman > > Try the Banner option in the sshd_config. It displays the banner before the login process is done, and still allows a separate motd if you like which as you've discovered is displayed after authentication. In the sshd_config file, look for (or add yourself) a line starting with "Banner" There is probably already a Banner line commented out. Here for instance is what mine looks like: # no default banner path #Banner /some/path Banner /etc/DOEbanner The first two lines are exactly as packaged, effectively turning the option off since they are commented out. The third line I added (plus of course I created the file /etc/DOEbanner with the required text.) (Restart your sshd (or SIGHUP) to reread the new configuration once done.) Hth, Wayne (not Wayner) -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
