hi all, we had quite a few requests recently so that SunSSH allowed to hush a banner on client side when in command-mode only. The argument usually is that the banner is mandatory due to legal reasons so first time login users should see it but that it causes problems when ssh is used from scripts after that. '-q' often seems not an option. RFC 4252 permits hushing banner in section 5.4. we want to add DisableBanner option to SunSSH with yes/no/in-exec-mode arguments, default to "no". It's designed to be extendable in a backward compatible way to a comma separated list of "in-<mode>-mode" strings if needed in the future. "in-subsystem-mode" could be the next candidate. since we try to avoid divergence with upstream (= OpenSSH) if possible I would like to ask, in case you would be interested in adding such functionality to OpenSSH in which case I can provide a patch then, whether this would be an acceptible syntax for both. thanks, Jan. -- Jan Pechanec Sun Microsystems
On Thu, 18 Jan 2007, Jan Pechanec wrote:> > hi all, we had quite a few requests recently so that SunSSH allowed > to hush a banner on client side when in command-mode only. The argument > usually is that the banner is mandatory due to legal reasons so first time > login users should see it but that it causes problems when ssh is used from > scripts after that. '-q' often seems not an option. RFC 4252 permits hushing > banner in section 5.4."ssh -q" or the "Loglevel quiet" config option will hush the banner fine on OpenSSH. IMO not doing so "for legal reasons" is just silly. What next, will Solaris disable stderr redirection to prevent someone from missing a disclaimer? If people want to stick their heads in the sand then they will find a way.> we want to add DisableBanner option to SunSSH with > yes/no/in-exec-mode arguments, default to "no". It's designed to be > extendable in a backward compatible way to a comma separated list of > "in-<mode>-mode" strings if needed in the future. "in-subsystem-mode" could > be the next candidate. > > since we try to avoid divergence with upstream (= OpenSSH) if > possible I would like to ask, in case you would be interested in adding such > functionality to OpenSSH in which case I can provide a patch then, whether > this would be an acceptible syntax for both.Thanks for making the effort to retain compatibility, but OpenSSH won't adopt such an option. I don't think it is necessary, and there is a strong consensus among the developers to have fewer, rather than more, options. -d
Sometime ago, Jan Pechanec wrote:> > hi all, we had quite a few requests recently so that SunSSH allowed > to hush a banner on client side when in command-mode only. The argument > usually is that the banner is mandatory due to legal reasons so first time > login users should see it but that it causes problems when ssh is used from > scripts after that. '-q' often seems not an option. RFC 4252 permits hushing > banner in section 5.4. > > we want to add DisableBanner option to SunSSH with > yes/no/in-exec-mode arguments, default to "no". It's designed to be > extendable in a backward compatible way to a comma separated list of > "in-<mode>-mode" strings if needed in the future. "in-subsystem-mode" could > be the next candidate. > > since we try to avoid divergence with upstream (= OpenSSH) if > possible I would like to ask, in case you would be interested in adding such > functionality to OpenSSH in which case I can provide a patch then, whether > this would be an acceptible syntax for both. > > thanks, Jan. >Hi Jan, At the risk of pointing out what you may already be aware of, the banner can be suppressed by setting the LogLevel to quiet, fatal, or error. Setting it to 'error' allows the banner to be suppressed without throwing away authentication errors etc. -- Iain Morgan
On Thu, 18 Jan 2007, Iain Morgan wrote:>Hi Jan, > >At the risk of pointing out what you may already be aware of, the >banner can be suppressed by setting the LogLevel to quiet, fatal, or >error. Setting it to 'error' allows the banner to be suppressed withouthello Iain, I know that, my note about '-q' option was probably an overly subtle attempt to say that some customers really want to hush banner but they do want to see other warnings at the same time. So, using '-q' is not an solution for them. thanks, Jan. -- Jan Pechanec
Reasonably Related Threads
- [Bug 2242] New: add DisableBanner option to the ssh client command
- [Bug 921] Add operating system to OpenSSH version string
- SSH 1.0.1 and 1.1 have different prompt.
- FYI Incompatibilities between recent versions of OpenSSH and Sun SSH
- [PATCH] Drop fine-grained privileges on Illumos/Solaris