Friday, December 27, 2013

Creating custom SSH welcome messages with MOTD and ISSUE.NET File

One of the easiest ways to protect and secure SSH logins is to display a warning message to unauthorized users, or a welcome or informational message to authorized users.

As a system administrator, whenever I configure Linux servers I always set up a security banner for SSH logins. The banner contains some security warning information or general information. See the example banner message that I use on all my servers:
ALERT! You are entering into a secured area! Your IP, Login Time, Username has been noted and has been sent to the server administrator!
This service is restricted to authorized users only. All activities on this system are logged.
Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.
There are two ways to display messages: one uses the issue.net file and the other uses the MOTD file.
  1. issue.net : Displays a banner message before the password login prompt.
  2. motd : Displays a banner message after the user has logged in.
So, I strongly recommend that all system administrators display a banner message before allowing users to log in to their systems. Just follow the simple steps below to enable SSH login messages.

Display SSH Warning Message to Users Before Login

To display a welcome or warning message to SSH users before login, we use the issue.net file. Open the following file with the vi editor.
[root@thelinuxwiki ~]# vi /etc/issue.net
Add the following sample banner message and save the file. You can put any custom banner message in this file.
####################################################################
# you are trying to login to gateway and webserver of thelinuxwiki #
# All connections are monitored and recorded                       #
# Disconnect IMMEDIATELY if you are not an authorized user!        #
####################################################################
Open the main SSH daemon configuration file and enable the banner.
[root@thelinuxwiki ~]# vi /etc/ssh/sshd_config
Search for the word “Banner”, uncomment the line, and save the file. The line
#Banner none
should become
Banner /etc/issue.net
(you can use any path you want; sshd reads the banner from the file named here).
Next, restart the SSH daemon so that the new setting takes effect.
[root@thelinuxwiki ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
Now try to connect to the server; you will see a banner message similar to the one in the screenshot below.

[Screenshot: SSH Banner Messages Before Login]

Display SSH Warning Message to Users After Login


To display a banner message after login, we use the motd file, whose contents are shown to the user once the login has succeeded. Open it with the vi editor.
vi /etc/motd
Place the following sample banner message in the file and save it.
##############################################################
# you are logged in to gateway and webserver of thelinuxwiki #
# All connections are monitored and recorded                 #
# Disconnect IMMEDIATELY if you are not an authorized user!  #
##############################################################


Now log in to the server again and you will get both banner messages, one before and one after authentication. See the screenshot attached below.



How To Avoid SSH Time Out While Working On The Command Line

If you’ve worked on the command line for a long time, you will have encountered the session time-out problem on more than one occasion. Before you start complaining about it, though, understand that this disconnect after a period of inactivity is good from a security point of view. But it can still be a problem when you are running operations that take a long time to complete. So, in this article, we will discuss how you can avoid the SSH time-out problem when working on the command line.


What usually causes the problem is that the connection with the server is reset. So, when the user has been idle for some time, the error produced is ‘Connection reset by peer’. To avoid this, we need to use the keep-alive option on the client or on the server. This gives us two ways to avoid being timed out.

1. Keep Alive Server Side: Server-side keep-alive is the less secure of the two options. This is because you need to perform the change as root, and because its effect applies to all client connections and not just your own. Still, if you want to use this method, here’s how.

- Log in as root

- Edit file at /etc/ssh/sshd_config

- Add this to the file: ClientAliveInterval 60

- Save file

- Restart sshd on the server
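The banner section above and the server-side keep-alive steps both come down to the same edit: change one keyword in /etc/ssh/sshd_config, then validate and restart. The following POSIX shell script is an added example, not from the original post, that performs that edit idempotently: it rewrites an existing (possibly commented-out) directive in place or appends it when absent. Editing in place matters because sshd uses the first occurrence of a keyword it finds, so appending a new line after an old uncommented one would leave the old value in force. The demo works on a constructed temporary file; the ClientAliveCountMax value and the `set_sshd_option`/`get_sshd_option` names are assumptions of this example, not something the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent edits to an sshd_config-style
# file, so the Banner and ClientAliveInterval changes can be scripted and repeated safely.

# set_sshd_option FILE KEYWORD VALUE
#   Rewrites the first "KEYWORD ..." line in FILE, commented out or not, as
#   "KEYWORD VALUE"; appends the line when the keyword does not occur at all.
#   sshd honours the first occurrence of a keyword (sshd_config(5)), so editing
#   in place rather than appending prevents a stale earlier line from winning.
#   Output goes to a temporary file that is then moved over the original.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp="${file}.tmp.$$"
    # keyword at line start, optionally preceded by '#' and blanks, followed by a blank or EOL
    pattern="^[ \t]*#?[ \t]*${key}([ \t]|\$)"
    awk -v pat="$pattern" -v k="$key" -v v="$value" '
        !done && $0 ~ pat { print k " " v; done = 1; next }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_sshd_option FILE KEYWORD
#   Prints the value sshd would use: the first uncommented occurrence of KEYWORD.
get_sshd_option() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Demo on a constructed file; it deliberately does not touch the live /etc/ssh/sshd_config.
demo() {
    cfg=$(mktemp)
    printf '#Banner none\nPermitRootLogin yes\n' > "$cfg"   # constructed starting point
    set_sshd_option "$cfg" Banner /etc/issue.net     # banner before login (issue.net section)
    set_sshd_option "$cfg" ClientAliveInterval 60    # server-side keep-alive step
    set_sshd_option "$cfg" ClientAliveCountMax 3     # companion setting, assumed; not in the post
    echo "--- resulting config ---"
    cat "$cfg"
    rm -f "$cfg"
}
demo
```

On a real host the call is `set_sshd_option /etc/ssh/sshd_config Banner /etc/issue.net`, followed by `sshd -t` to check the syntax before restarting the daemon; `sshd -T` prints the effective configuration if you want to confirm which value won. The same function works for the client-side step later in this article (`set_sshd_option /etc/ssh/ssh_config ServerAliveInterval 60`). One caveat: the function rewrites the first textual occurrence, so if a keyword appears only inside a `Match` block it will be changed there, where it applies to matching connections only, rather than added globally; `get_sshd_option` shows which line is actually first.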

2. Keep Alive Client Side: This method is similar to the server-side keep-alive, but it is the more secure of the two because it affects only your own connections. On Linux the client-side steps differ slightly from the server-side ones. To use this method:

On Linux:

- Log in as root

- Edit file at /etc/ssh/ssh_config

- Add this to the file: ServerAliveInterval 60

- Save file

On Windows, you have to use PuTTY:

- Open PuTTY

- Click on the Connection Category in the left menu

- Check the box for Enable TCP keepalives (SO_KEEPALIVE option)


Thursday, December 26, 2013

Ping multiple hosts at once on Linux


fping – Ping multiple hosts at once on Linux


fping is a ping like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping.
Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable.
Unlike ping, fping is meant to be used in scripts and its output is easy to parse.
Scanning a network should not be done without prior permission. Many networks and systems will view a network scan as an aggressive action regardless of how trivial and petty it might be. Please keep this in mind before utilizing this tool.
For CentOS 5.x/6.x this utility is provided by the EPEL repository; just install it with:
yum install fping

Let’s start with a very simple scan, our own system:
fping 192.168.1.1
192.168.1.1 is alive
Nice, it reports that our router is alive.

Let’s try scanning a larger chunk of our network using a file for input instead of typing in IP addresses at the command line:
fping -a < ip_list.txt
192.168.1.1 is alive
192.168.1.3 is alive
The file “ip_list.txt” just contains the IP addresses from 192.168.1.0 to 192.168.1.10, each on its own line. In the command line example above I piped in the file. If you are logged into your system as root you can use this command instead:
fping -f ip_list.txt

The -d flag will attempt to resolve host names for each IP address, while the -a flag will only show alive hosts. Again I piped a list of IP addresses into fping:
fping -a -d < ip_list.txt

If you wanted to specify a range of IP addresses at the command line, say all 255 possible hosts of 192.168.1.*, you could use the -g flag:
fping -g 192.168.1.0/24
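The post’s point that fping is meant for scripts and is easy to parse is best shown with a script that does something with the output. The following POSIX shell script is an added example, not from the original post: it parses fping’s results and reconciles them against an inventory of hosts that are expected to answer, so an unexpected responder (a device nobody knows about) or a silent inventory host stands out. The sample fping output, the inventory and the addresses are constructed; the `fping -a -g` call in `check_range` uses the real flags described above but is not run automatically. Function names are this example’s own.

```shell
#!/bin/sh
# Added example (not from the original post): reconcile fping results against an
# inventory of hosts expected to answer. All sample data below is constructed.

# alive_hosts: read fping output on stdin, print one alive IP per line, sorted.
# Handles both the default "<ip> is alive" form and the bare-IP form of "fping -a";
# "<ip> is unreachable" lines are dropped.
alive_hosts() {
    awk '/ is alive$/       { print $1; next }
         / is unreachable$/ { next }
         NF == 1            { print $1 }' | sort -u
}

# diff_inventory ALIVE_FILE INVENTORY_FILE
#   Prints "UNEXPECTED <ip>" for responders not in the inventory and
#   "MISSING <ip>" for inventory hosts that gave no reply.
#   Returns 0 when the two lists match exactly, 1 otherwise.
diff_inventory() {
    alive=$1; inv=$2
    inv_sorted=$(mktemp)
    sort -u "$inv" > "$inv_sorted"       # comm needs both inputs in the same order
    rc=0
    for ip in $(comm -23 "$alive" "$inv_sorted"); do echo "UNEXPECTED $ip"; rc=1; done
    for ip in $(comm -13 "$alive" "$inv_sorted"); do echo "MISSING $ip"; rc=1; done
    rm -f "$inv_sorted"
    return $rc
}

# check_range INVENTORY_FILE CIDR: the real scan. -a prints only alive hosts and
# -g generates the address range (both flags from the post). Not called by default.
check_range() {
    alive_file=$(mktemp)
    fping -a -g "$2" 2>/dev/null | alive_hosts > "$alive_file"
    if diff_inventory "$alive_file" "$1"; then rc=0; else rc=1; fi
    rm -f "$alive_file"
    return $rc
}

# Demo with constructed fping output and a constructed inventory (no network I/O).
demo() {
    tmpd=$(mktemp -d)
    printf '%s\n' '192.168.1.1 is alive' '192.168.1.2 is unreachable' \
                  '192.168.1.3 is alive' '192.168.1.9 is alive' | alive_hosts > "$tmpd/alive"
    printf '%s\n' 192.168.1.1 192.168.1.3 192.168.1.5 > "$tmpd/inventory"
    diff_inventory "$tmpd/alive" "$tmpd/inventory" || echo "inventory mismatch (see above)"
    rm -rf "$tmpd"
}
demo
```

Run it directly to see the demo, or source the file and call `check_range inventory.txt 192.168.1.0/24` on a network you are responsible for. Because fping only reports on ICMP echo, a host that filters ICMP shows up as MISSING even though it is up, which is the same limitation the post notes at the end; treat MISSING as “needs a look”, not as proof that the host is down.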


There are quite a few more options available for fping. I would recommend reading the fping man page to learn more about this tool.
If you want to quickly scan a network for reachable hosts, fping will easily give you that capability. It is a simple tool that can be left running while you work on other things should you need to scan a large network (and it finishes much sooner than ping would!). It is also worth learning because fping can be incorporated into your own custom scripts, since its output is easy to parse. A drawback of fping is that network perimeters often block ICMP traffic into the internal network. This is overcome by using nmap, which we’ll look at another day. Happy scanning!