Stop ssh login from printing motd from the client?

I'm not sure why you have an aversion to doing this correctly - either on the server a la

PrintMotd no
PrintLastLog no

and

#/etc/pam.d/ssh
# Print the message of the day upon successful login.
# session    optional     pam_motd.so

Or adding ~/.hushlogin for each user.

Hint, for ~/.hushlogin, add it to /etc/skel so new user home directories are created with the file.

Update:

Without more information about your backup cron job, my only other suggestion is to redirect the output of the command to a file (or let cron capture it in email) and the output of the ssh session to /dev/null. Something like:

0 0 * * * ssh backuphost "backup_script_that_writes_to_a_log" >/dev/null

Or

0 0 * * * ssh backuphost "backup_command 2>&1" >/dev/null

I'd have to play around with the commands a bit, but that should get you started.

@note All examples assume you've set a variable connectionString with something like connectionString=user@server.

How I got to the solution

Using ssh -T should work for simple commands. For example this doesn't print any extra information:

ssh -T $connectionString "echo 'blah'"

The problem is when you try to use here-doc to run many commands. For example - bellow will NOT work - it will echo message of the day (MoTD) and also might show you "stdin: is not a tty".

somethingLocal='something local'
ssh -T $connectionString <<EOC
    echo 'blah'
    echo "blah $somethingLocal"
EOC

To workaround the issue you need first save commands to local variable and the send them to remote server.

somethingLocal='something local'
read -r -d '' commands <<EOC
    echo 'blah'
    echo "blah $somethingLocal"
EOC
ssh -T $connectionString "$commands"

But that's messy...

Final solution

Make a universal function (note that it can take a string or HEREDOC as commands).

function silentSsh {
    local connectionString="$1"
    local commands="$2"
    if [ -z "$commands" ]; then
        commands=`cat`
    fi
    ssh -T $connectionString "$commands"
}

Examples

Use this like so:

somethingLocal='something local'
silentSsh $connectionString <<EOC
    echo 'blah'
    echo "blah $somethingLocal"
EOC

Or like so:

silentSsh $connectionString "echo 'blah'"

Or like so:

silentSsh $connectionString <<'EOC'
    echo 'blah'
    somethingRemote=`echo 'whatever'`
    echo "blah $somethingRemote"
EOC

Or even like so:

silentSsh $connectionString < getlines.sh

If you want this on a per-user basis, just do a touch ~/.hushlogin and you're all set with OpenSSH.

Update: As pointed out elsewhere, pam_motd may be configured to not use a per-user .hushlogin; check /etc/login.defs for HUSHLOGIN_FILE. It may be configured to have all users listed in /etc/hushlogins or similar.

How about this hack? ;-P

ssh -t user@machineName '/bin/bash'

The following is not valid:

Passing -T to ssh to disable tty allocation:

ssh -T machineName 'echo foo'

What operating system is this? On some systems (like ubuntu) the motd isn't printed by the ssh server (PrintMotd in /etc/ssh/sshd_config), but by pam with pam_motd. If this is the case then you probably can't control it from the client.

You have to do it on the server:

PrintMotd no
PrintLastLog no

On debian/ubtuntu also hash the line with pam_motd.so:

#/etc/pam.d/ssh
# Print the message of the day upon successful login.
# session    optional     pam_motd.so

Don't execute ssh command directly by cron.

Make an helper bash script instead, executing the ssh job and fetching the output, the errors and the error code if needed; eventually parse them in order to remove unwanted strings from error messages (the MoTD in your case) and then re print on the bash script output and error streams what you have obtained in such a way.

Than put this bash script in cron and live happy :)

Note: This is a general solution, and has to work whatever is the job you have to perform via ssh. It is only client side too, which should fulfill your needs ... the only dependence of the client on the server config is the knowledge of the exact message you want to cut out from the std err or out of ssh client

Just a sidenote (would have been a comment, if I could post that): Contents of motd are shown after successfull login to the system. If I'd like to legally prevent people from accessing a box I'd rather do that by a "Banner" in sshd_config. The contents are displayed after entering Username but before authenticating.

Either you haven't tried what you're describing, or your servers are configured wrong!

Here's what I just tried on RHEL5:

workstation ~ $ ssh root@server
server ~ # echo "MOTD" > /etc/motd
server ~ # ^D
workstation ~ $ ssh root@server
MOTD
server ~ # ^D
workstation ~ $ ssh root@server echo notice the lack of motd
notice the lack of motd
workstation ~ $ 

I don't suppose you need the disclaimer to be sent to non-interactive shells, do you? (If anyone claims you do, do me a favor, kick them in the nuts.) Because that's exactly why there's a distinction between interactive shells and non-interactive ones.

But in any case, here's what I do because I don't like mail from cron: I pipe the output to logger. Just pipe it through tail to remove the first few (let's say 3) lines of your pointless disclaimer as such (untested code, I don't have access to my scripts):

( tail -n +3 | logger -i -t mycronjob -s -p cron.crit ) <&6 &
exec 2>&6
cron_fsckin_job

If I understand you, you need motd for other reasons but don't need motd for backup. In the config of sshd cannot set it up by user basis only globally. Therefore you need solve motd supression in client side. But there is not difference between motd's text and the backup software's error messages. Both are text in the terminal. The only solution I see to make difference between this two message then filter the motd's one. Because software's messages are hard to modify I suggest to modify motd's text. For example put a frame around:

*** BEGIN message from the machine room ***

motd message

*** END message from the machine room ***

Then you should filter out the text between the frame and drop it.