000034922 - RSA Authentication Manager 8.2 customized SSH logon banner is not displayed

Document created by RSA Customer Support Employee on Mar 17, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034922
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.2
 
IssueAn administrator has followed the steps to update /opt/rsa/am/utils/etc/ssh-banner-sample to customize the display (see "How To Configure a Custom SSH Logon Banner" on page 141 of the RSA Authentication Manager 8.2 Administrator’s Guide), but the new banner is not displayed during the start of an SSH session.
CauseThe banner parameter in the /etc/ssh/sshd_config is set to either #Banner none or Banner none., rather than Banner /opt/rsa/am/utils/etc/ssh-banner.
ResolutionTo resolve this issue, update /etc/ssh/sshd_config and change the Banner parameter to be Banner /opt/rsa/am/utils/etc/ssh-banner.

Steps


  1. Launch the SSH client and connect to the appliance using the IP address or fully qualified hostname.
  2. When prompted, type the operating system user ID of rsaadmin, and press Enter.
  3. When prompted, type the password for the rsaadmin operating system account, and press Enter.
  4. Change the privileges of the rsaadmin account using the command sudo su - root.
  5. When prompted, type the password for the rsaadmin operating system account, and press Enter.
  6. Navigate to /etc/ssh/ and press Enter.
  7. Open the sshd_config file in a text editor.
login as: rsaadmin 
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Mar 13 16:19:24 2017 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~> sudo su - root
rsaadmin's password: <enter operating system password>
am82p:~ # cd /etc/ssh/
am82p:/etc/ssh # vi sshd_config

  1. Search for the keyword Banner.
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
AllowUsers rsaadmin
/Banner

  1. Add or change the line to what is shown here: 
...
...
# no default banner path
Banner /opt/rsa/am/utils/etc/ssh-banner
...
...

  1. Save the change by typing :wq!
  2. Restart the sshd service:
service sshd restart

  1. Confirm that the change took effect by launching the SSH client and connecting to the appliance using the IP address or fully qualified hostname.  The updated banner information created in /opt/rsa/am/utils/etc/ssh-banner-sample should display.   Here it now reads" Authorized Usage Only - RSA Customer Support."

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Authorized Usage Only  - RSA Customer Support
Last login: Fri Mar 10 12:12:59 2017
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~>

Attachments

    Outcomes