Hi,
while trying to customize a message of the day by adding a file in the /etc/profile.d folder and trying to login via ssh to get a new welcome message, by overriding the /etc/motd file, i noticed that the parameter is completely uneffective.
EIther if i leave it like the default settings
#PrintMod yes
or uncommenting mode and "no"
PrintMod no
...i do always get both themessage from /etc/motd file and my new message in /etc/profile.d/greetings.sh
some details
1) my kernel version is
5.14.0-419.el9.x86_64 and ssh is OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
2) i made the greetings.sh file executable
3) i always restart sshd service
is there any one of you that have experienced the same issue or can provide any tip about this issue?
Thank you in advance
Paolo
Parameter PrintMod in sshd_config file not effective
-
- Posts: 3
- Joined: 2023/11/02 11:06:40
Re: Parameter PrintMod in sshd_config file not effective
man sshd_config writes:
If binary has 'yes' as default, but system shows 'no', then where is explicit config?
I see you!
This is all about how sshd is and should be configured in EL9.
The content of /etc/ssh/sshd_config.d/50-redhat.conf overrides everything that is after the
in /etc/ssh/sshd_config
The solution (if you want 'yes') is:
Things set in /etc/ssh/sshd_config.d/00-my.conf override same things in /etc/ssh/sshd_config.d/50-redhat.conf.
However, the "default" seems to be 'no':PrintMotd
Specifies whether sshd(8) should print /etc/motd when a user logs in interactively. (On some systems it is also printed by the shell, /etc/profile, or equivalent.) The default is yes.
Code: Select all
# sshd -T | grep printmotd
printmotd no
Code: Select all
# grep -ri printmotd /etc/ssh
/etc/ssh/sshd_config:#PrintMotd yes
/etc/ssh/sshd_config.d/50-redhat.conf:# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
/etc/ssh/sshd_config.d/50-redhat.conf:PrintMotd no
This is all about how sshd is and should be configured in EL9.
The content of /etc/ssh/sshd_config.d/50-redhat.conf overrides everything that is after the
Code: Select all
Include /etc/ssh/sshd_config.d/*.conf
The solution (if you want 'yes') is:
Code: Select all
echo "PrintMotd yes" >> /etc/ssh/sshd_config.d/00-my.conf
-
- Posts: 3
- Joined: 2023/11/02 11:06:40
Re: Parameter PrintMod in sshd_config file not effective
Hi jlehtone
Thanks a lot for the effort
what i really wanted is simply that the new greetings.sh in /etc/profile.d folder,. ovverides the /etc/motd file content.
What i understood is that if i set . by uncommenting it
PrintMotd no
in the sshd_config file,and restart the sshd service, the message in greetings.sh will show up, while the /etc/motd file message no
Instead, that parameter is completely uneffective. as explaine before.
i always got both messages regardless of what i se there.
however, i created a 00. conf file as you said but i dont get any effect,
I always got 2 messages,
Thanks a lot for the effort
what i really wanted is simply that the new greetings.sh in /etc/profile.d folder,. ovverides the /etc/motd file content.
What i understood is that if i set . by uncommenting it
PrintMotd no
in the sshd_config file,and restart the sshd service, the message in greetings.sh will show up, while the /etc/motd file message no
Instead, that parameter is completely uneffective. as explaine before.
i always got both messages regardless of what i se there.
however, i created a 00. conf file as you said but i dont get any effect,
I always got 2 messages,
Re: Parameter PrintMod in sshd_config file not effective
The main point was that the config is "PrintMotd no" to begin with -- sshd does not show any motd.
The comment that grep did pick tells partly why:
Based on that comment you should look at /etc/pam.d/sshd and find out what pam_motd does do.
The comment that grep did pick tells partly why:
(You may want to read the entire /etc/ssh/sshd_config.d/50-redhat.conf since my minimal grep did not show whole sentence.)It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd
Based on that comment you should look at /etc/pam.d/sshd and find out what pam_motd does do.