Article Number
000034922
Applies To
RSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.2
Issue
An administrator has followed the steps to update /opt/rsa/am/utils/etc/ssh-banner-sample to customize the display (see "How To Configure a Custom SSH Logon Banner" on page 141 of the
RSA Authentication Manager 8.2 Administrator’s Guide), but the new banner is not displayed during the start of an SSH session.
Cause
The banner parameter in the /etc/ssh/sshd_config is set to either #Banner none or Banner none., rather than Banner /opt/rsa/am/utils/etc/ssh-banner.
Resolution
To resolve this issue, update /etc/ssh/sshd_config and change the Banner parameter to be
Banner /opt/rsa/am/utils/etc/ssh-banner.
Steps
- Launch the SSH client and connect to the appliance using the IP address or fully qualified hostname.
- When prompted, type the operating system user ID of rsaadmin, and press Enter.
- When prompted, type the password for the rsaadmin operating system account, and press Enter.
- Change the privileges of the rsaadmin account using the command sudo su - root.
- When prompted, type the password for the rsaadmin operating system account, and press Enter.
- Navigate to /etc/ssh/ and press Enter.
- Open the sshd_config file in a text editor.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Mar 13 16:19:24 2017 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~> sudo su - root
rsaadmin's password: <enter operating system password>
am82p:~ # cd /etc/ssh/
am82p:/etc/ssh # vi sshd_config
- Search for the keyword Banner.
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
AllowUsers rsaadmin
/Banner
- Add or change the line to what is shown here:
...
...
# no default banner path
Banner /opt/rsa/am/utils/etc/ssh-banner
...
...
- Save the change by typing :wq!
- Restart the sshd service:
service sshd restart
- Confirm that the change took effect by launching the SSH client and connecting to the appliance using the IP address or fully qualified hostname. The updated banner information created in /opt/rsa/am/utils/etc/ssh-banner-sample should display. Here it now reads" Authorized Usage Only - RSA Customer Support."
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Authorized Usage Only - RSA Customer Support
Last login: Fri Mar 10 12:12:59 2017
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~>