I have a warning message that is displayed to a user after they enter their username to log in to our Linux servers. I only want to display this message for password authentications, and not when keys are used. It should only show to a user who is logging into a host, and not when they are sshing from one host to another (our hosts all have keys set up so we can ssh from one to another without entering passwords).
Currently, I have a line for Banner in the /etc/ssh/sshd_config file which points to a text file containing the warning message. Banner doesn't appear to have any further config options, so I'm wondering if there is a way to do this with pam or some other mechanism? Thanks.
Yes, you can use the pam_echo plugin:
This should produce the pam_echo output after password login.
See http://www.linux-pam.org/Linux-PAM-html/sag-pam_echo.html for docs.
Edit: You'll also need to make sure you have UsePAM yes in your sshd_config. Replaced password with auth.
Are you talking about user keys ~/.ssh/authorized_keys or host keys /etc/ssh/ssh_known_hosts?
Banner is displayed before any authentication happens.
You can try checking the remote (source) hostname: check with pam_access if the user comes from outside your network:
/etc/pam_access_localnet.conf:
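
A configuration check for the setup discussed in this thread, as an added example that is not part of any post here: it reads the text of sshd_config and of the sshd PAM service file and reports what would stop a pam_echo notice from being limited to password logins. The function name, the notice path and the sample file contents are constructed; Match blocks, `keyword=value` syntax and PAM include directives are not handled.

```python
def check_password_only_notice(sshd_config: str, pam_sshd: str) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []

    # sshd_config: keywords are case-insensitive and the first value obtained wins.
    opts = {}
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())

    # Without UsePAM yes, sshd never runs the PAM stack, so pam_echo is never called.
    if opts.get("usepam", "no").lower() != "yes":
        findings.append("UsePAM is not 'yes': sshd will not run the PAM stack")

    # Banner is sent before any authentication, so key-based logins see it too.
    if opts.get("banner", "none").lower() != "none":
        findings.append("Banner is set: it is shown before authentication, "
                        "including to key-based logins")

    # PAM service file: "<type> <control> <module> [args]". The control field may be
    # a bracketed list containing spaces, so look for the module from field 3 onward.
    echo_types = []
    for raw in pam_sshd.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and any(f.endswith("pam_echo.so") for f in fields[2:]):
            echo_types.append(fields[0].lstrip("-").lower())

    if "auth" not in echo_types:
        findings.append("no pam_echo line of type 'auth': nothing is printed "
                        "during password authentication")
    for t in echo_types:
        if t != "auth":
            findings.append(f"pam_echo on a '{t}' line: that stack is not the "
                            "one run for password authentication")
    return findings


# Constructed sample inputs (not taken from the thread).
GOOD_SSHD = "UsePAM yes\n#Banner /etc/issue.net\n"
GOOD_PAM = "auth optional pam_echo.so file=/etc/ssh/notice.txt\n"
BAD_SSHD = "Banner /etc/issue.net\nUsePAM no\n"
BAD_PAM = "password optional pam_echo.so file=/etc/ssh/notice.txt\n"

if __name__ == "__main__":
    for finding in check_password_only_notice(BAD_SSHD, BAD_PAM):
        print("-", finding)
```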