How to Show Security Warning Message to SSH Unauthorized Users

SSH banner warnings are crucial when companies or organizations want to show a strict warning message to discourage unauthorized users from accessing a Linux server.

These SSH banner warning messages are displayed just before the SSH password prompt so that unauthorized users who are about to gain access are made aware of the aftermath of doing so. Typically, these warnings are legal consequences that unauthorized users can suffer should they decide to ahead with accessing the server.

Be cautious that a banner warning is by no means a way of blocking unauthorized users from logging in. The warning banner is simply a warning meant to warn unauthorized users from logging in. If you want to block unauthorized users from logging in, then additional SSH configurations are required.

The SSH banner contains some security warning information or general information. Following are some example SSH banner messages which I use on my Linux servers.

Example SSH Banner Message 1:

#################################################################
#                   _    _           _   _                      #
#                  / \  | | ___ _ __| |_| |                     #
#                 / _ \ | |/ _ \ '__| __| |                     #
#                / ___ \| |  __/ |  | |_|_|                     #
#               /_/   \_\_|\___|_|   \__(_)                     #
#                                                               #
#  You are entering into a secured area! Your IP, Login Time,   #
#   Username has been noted and has been sent to the server     #
#                       administrator!                          #
#   This service is restricted to authorized users only. All    #
#            activities on this system are logged.              #
#  Unauthorized access will be fully investigated and reported  #
#        to the appropriate law enforcement agencies.           #
#################################################################

Example SSH Banner Message 2:

ALERT! You are entering a secured area! Your IP, Login Time, and Username have been noted and have been sent to the server administrator!
This service is restricted to authorized users only. All activities on this system are logged.
Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

There are two ways to display messages one is using the issue.net file and the second one is using the MOTD file.

  • /etc/issue.net – Display a warning banner message before the password login prompt.
  • /etc/motd – Display a welcome banner message after the user has logged in.

So, I strongly recommended all system administrators display banner messages before allowing users to log in to systems. Just follow below simple steps to enable SSH logging messages.

Display SSH Warning Message to Users Before Login

To display SSH warning messages to all unauthorized users, you need to access the /etc/issue.net file to display banner messages using your preferred text editor.

$ sudo vi /etc/issue.net
Or
$ sudo nano /etc/issue.net

Add the following banner sample message and save the file. You can add any custom banner message to this file.

#################################################################
#                   _    _           _   _                      #
#                  / \  | | ___ _ __| |_| |                     #
#                 / _ \ | |/ _ \ '__| __| |                     #
#                / ___ \| |  __/ |  | |_|_|                     #
#               /_/   \_\_|\___|_|   \__(_)                     #
#                                                               #
#  You are entering into a secured area! Your IP, Login Time,   #
#   Username has been noted and has been sent to the server     #
#                       administrator!                          #
#   This service is restricted to authorized users only. All    #
#            activities on this system are logged.              #
#  Unauthorized access will be fully investigated and reported  #
#        to the appropriate law enforcement agencies.           #
#################################################################

Next, open the /etc/ssh/sshd_config configuration file.

$ sudo vi /etc/ssh/sshd_config
Or
$ sudo nano /etc/ssh/sshd_config

Search for the word “Banner” and uncomment out the line and save the file.

#Banner /some/path

It should be like this.

Banner /etc/issue.net (you can use any path you want)
SSH Banner Path
SSH Banner Path

Next, restart the SSH daemon to reflect new changes.

$ sudo systemctl restart sshd
Or
$ sudo service restart sshd

Now try to connect to the server you will see a banner message similar to below.

SSH Warning Banner Message
SSH Warning Banner Message

Display SSH Welcome Message to Users After Login

To display SSH welcome banner messages after login, we use /etc/motd file, which is used to display banner messages after login.

$ sudo vi /etc/motd
Or
$ sudo nano /etc/motd

Place the following welcome banner sample message and save the file.

###############################################################
#                        TECMINT.COM                          #
###############################################################
#                  Welcome to TecMint.com!                    #
#       All connections are monitored and recorded.           #
#  Disconnect IMMEDIATELY if you are not an authorized user!  #
###############################################################

Now again try to login into the server you will get both banner messages. See the screenshot attached below.

SSH Banner Messages
SSH Banner Messages

And that’s it. We hope you can now add your own custom SSH banner messages on your server to warn unauthorized users from accessing the system.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Ravi Saive
I am an experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

31 Comments

Leave a Reply
  1. How does displaying a warning make the SSHD more secure? script kiddies and hackers just ignore the warning.

    besides, from a legal standpoint – your example warnings clearly state “Welcome“. that’s an implicit invitation to be there.

    Reply
  2. In my office account I am getting messages like disk space, some other info related to the account. I checked in all files but i couldn’t find the path from where I am getting these massages.

    Reply
  3. If your idea of securing a system is displaying login messages, you need help. No unauthorized user is going to give a respect about your message and you’re just going to annoy legitimate users, especially when executing remote commands.

    Reply
  4. is it possible to run a shell command from within the banner.txt or the issue.met files.
    ( i’d like to run the clear command after login)

    Reply
    • @Ted,

      No, I don’t think so we can able to run any command or script via these files, these files are used to display a text once the user logged into the shell..

      Reply
  5. Suppose, I have more than 100 Linux server in this case what should I have to do..? It’s very time consuming to set banner in all the servers.. Is there any another solution for same..?? Like I can set banner on one single server and It will show for all the servers.

    Reply
  6. i am getting a message after login (it is just a simple text no error or any thing) i can login only as guest not a root user and i want to remove that text please help

    Reply
    • @Yugansh,
      Which error message you getting on the login screen? can you share the screen grab to get the idea..or else you can remove the text in motd file..

      Reply
  7. Does the banner present a DOS risk due to the additional traffic sent over the network to reply to all ssh connections? It seem like it could be used to saturate someones bandwidth.
    (I do agree on the fail2ban suggestions.)

    Reply
  8. Good one!

    I tried to add this code in to issue.net. But it doesn’t recognize the code.

    Is there anyway to get this done?

    Reply
  9. Do not put the word “welcome” – or anything like that – in ANY login screen or banner message. It can be argued that the hacker thought s/he was welcome to explore.

    Reply
  10. This is a very good practice, however some message will not protect your SSH, but it is not it’s purpose. Warning people that they are in a restricted area makes you protected against the law and the hacker’s ‘I didn’t know what I was doing’ sentence.

    As far as I now in the USA this is a must for private networks. (Of course I don’t mean your home VPN.) But I think it can be useful anywhere in the world when it comes to proving at the court.

    Reply
  11. I question how these can secure a server. Warning message or not, disreputable people will do what they do.

    Better way to secure SSHd? Require keys, and disallow password logins.

    Reply
    • The best way to secure ssh is to use fail2ban and set it to be extremely brutal. 2 attempts then iptable ban?

      Next step is to disable root login ofc.

      Key authentication is another big thing.

      Reply
      • Wyatt, you right fail2ban is very powerful tool to protect ssh from brute force attempts. I’ve already covered article on Fail2Ban you can check it. Always disable root login and use key based authentication.

        Reply
  12. Oh my goodness! Awesome article dude! Many thanks,
    However I am experiencing troubles with your RSS.
    I don’t know why I cannot subscribe to it. Is there anyone else having identical RSS problems? Anyone that knows the solution will you kindly respond? Thanx!!

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.