Configure a Custom SSH Logon Banner

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

A Super Admin can create a Secure Shell (SSH) logon banner that includes custom text. The logon banner appears before an administrator logs on to the appliance operating system with an SSH client.

A Super Admin can also create custom logon banners for the Operations Console, the Security Console, the Self-Service Console. For instructions, see Configure a Custom Console Logon Banner.

Before you begin 

  • You must be a Super Admin.

  • If you are using non-English characters in your display banner, your SSH client must support UTF-8 encoding. By default, the RSA Authentication Manager appliance supports UTF-8 encoding.

  • This procedure assumes that you know how to use vi editor.

  • Obtain the rsaadmin operating system password.

  • Obtain the IP address or fully qualified hostname for the hardware appliance or the virtual machine.

  • Enable SSH on the appliance. For instructions, see Enable Secure Shell on the Appliance.

Procedure 

  1. Launch the SSH client and connect to the appliance using the IP address or fully qualified hostname.

  2. When prompted, type the operating system User ID, rsaadmin, and press ENTER.

  3. When prompted, type the password for the rsaadmin operating system account, and press ENTER.

  4. Change directories to /opt/rsa/am/utils/etc/. Type:

    cd /opt/rsa/am/utils/etc/

    and press ENTER.

  5. In the /opt/rsa/am/utils/etc/ directory, rename the ssh-banner-sample file as ssh-banner.

  6. In the /opt/rsa/am/utils/etc/ssh-banner file, enter the custom SSH logon banner text.

    In vi, do the following:

    1. Type i to enter insert mode.

    2. Enter the custom SSH logon banner text.

      You can translate your text and add the same statement in more than one language. For example, add the same statement in English and Spanish. For non-English character support, UTF-8 character encoding is required.

    3. Press ESC to enter command mode.

    4. Type :wp to save your changes and exit vi.

  7. Restart the sshd service. Type:

    /etc/init.d/sshd restart

    and press ENTER.

  8. Repeat this procedure for each primary and replica instance in your deployment.

After you finish 

(Optional) Save a copy of the logon banner text on your network. The backup feature in RSA Authentication Manager does not include the ssh-banner file.

 

 


Attachments

    Outcomes