A user at a Windows PC uses our SSH client software (Anzio) to access a
Linux sshd. User would like the banner from the server to display BEFORE
entering a login name.
According to the SSH spec, this should be allowed. But the OpenSSH source
seems to have specifically prevented this. Is there a good reason for
this?
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras at anzio.com
company e-mail: rsi at anzio.com
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com
street address: Rasmussen Software, Inc.
10240 SW Nimbus, Suite L9
Portland, OR 97223 USA
Quoth Bob Rasmussen:> > A user at a Windows PC uses our SSH client software (Anzio) to accessa> Linux sshd. User would like the banner from the server to display > BEFORE > entering a login name. > > According to the SSH spec, this should be allowed. But the OpenSSH > source > seems to have specifically prevented this. Is there a good reason for > this? >Please see the "Banner" option in sshd_config(5).
On Fri, 1 Jul 2011, Scott Neugroschl wrote:> > Quoth Bob Rasmussen: > > > > A user at a Windows PC uses our SSH client software (Anzio) to access > a > > Linux sshd. User would like the banner from the server to display > > BEFORE > > entering a login name. > > > > According to the SSH spec, this should be allowed. But the OpenSSH > > source > > seems to have specifically prevented this. Is there a good reason for > > this? > > > > > > Please see the "Banner" option in sshd_config(5).I know how to cause the banner to appear, and am doing that. The question is related to the *timing* of the banner. Regards, ....Bob Rasmussen, President, Rasmussen Software, Inc. personal e-mail: ras at anzio.com company e-mail: rsi at anzio.com voice: (US) 503-624-0360 (9:00-6:00 Pacific Time) fax: (US) 503-624-0760 web: http://www.anzio.com street address: Rasmussen Software, Inc. 10240 SW Nimbus, Suite L9 Portland, OR 97223 USA
On Fri, 1 Jul 2011, Bob Rasmussen wrote:> A user at a Windows PC uses our SSH client software (Anzio) to access a > Linux sshd. User would like the banner from the server to display BEFORE > entering a login name. > > According to the SSH spec, this should be allowed. But the OpenSSH source > seems to have specifically prevented this. Is there a good reason for > this?We send the banner after the receipt of the first user authentication request. RFC4252 could be interpreted to allow sending the banner sooner, right after the "ssh-userauth" service has been requested, but we haven't tested this and doing so would remove the ability to vary the banner depending on the user who is connecting (as we can now with sshd_config "Banner" statements inside "Match" blocks). For the latter reason, we don't have any plans to send the banner earlier. -d