Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034922 - RSA Authentication Manager 8.2 customized SSH logon banner is not displayed

Document created by RSA Customer Support

on Mar 17, 2017•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034922
Applies To	RSA Product Set : SecurID RSA Product/Service Type : RSA Authentication Manager RSA Version/Condition: 8.2
Issue	An administrator has followed the steps to update /opt/rsa/am/utils/etc/ssh-banner-sample to customize the display (see "How To Configure a Custom SSH Logon Banner" on page 141 of the RSA Authentication Manager 8.2 Administrator’s Guide), but the new banner is not displayed during the start of an SSH session.
Cause	The banner parameter in the /etc/ssh/sshd_config is set to either #Banner none or Banner none., rather than Banner /opt/rsa/am/utils/etc/ssh-banner.
Resolution	To resolve this issue, update /etc/ssh/sshd_config and change the Banner parameter to be Banner /opt/rsa/am/utils/etc/ssh-banner. Steps Launch the SSH client and connect to the appliance using the IP address or fully qualified hostname. When prompted, type the operating system user ID of rsaadmin, and press Enter. When prompted, type the password for the rsaadmin operating system account, and press Enter. Change the privileges of the rsaadmin account using the command sudo su - root. When prompted, type the password for the rsaadmin operating system account, and press Enter. Navigate to /etc/ssh/ and press Enter. Open the sshd_config file in a text editor. login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Last login: Mon Mar 13 16:19:24 2017 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am82p:~> sudo su - root rsaadmin's password: <enter operating system password> am82p:~ # cd /etc/ssh/ am82p:/etc/ssh # vi sshd_config Search for the keyword Banner. # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server AllowUsers rsaadmin /Banner Add or change the line to what is shown here: ... ... # no default banner path Banner /opt/rsa/am/utils/etc/ssh-banner ... ... Save the change by typing :wq! Restart the sshd service: service sshd restart Confirm that the change took effect by launching the SSH client and connecting to the appliance using the IP address or fully qualified hostname. The updated banner information created in /opt/rsa/am/utils/etc/ssh-banner-sample should display. Here it now reads" Authorized Usage Only - RSA Customer Support." login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Authorized Usage Only - RSA Customer Support Last login: Fri Mar 10 12:12:59 2017 RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am82p:~>

Attachments

Outcomes

0 Comments

Recommended Content