This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA Authentication Manager 8.2 customized SSH logon banner is not displayed

Article Number

000034922

Applies To

RSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.2
 

Issue

An administrator has followed the steps to update /opt/rsa/am/utils/etc/ssh-banner-sample to customize the display (see "How To Configure a Custom SSH Logon Banner" on page 141 of the RSA Authentication Manager 8.2 Administrator’s Guide), but the new banner is not displayed during the start of an SSH session.

Cause

The banner parameter in the /etc/ssh/sshd_config is set to either #Banner none or Banner none., rather than Banner /opt/rsa/am/utils/etc/ssh-banner.

Resolution

To resolve this issue, update /etc/ssh/sshd_config and change the Banner parameter to be Banner /opt/rsa/am/utils/etc/ssh-banner.

Steps

  1. Launch the SSH client and connect to the appliance using the IP address or fully qualified hostname.
  2. When prompted, type the operating system user ID of rsaadmin, and press Enter.
  3. When prompted, type the password for the rsaadmin operating system account, and press Enter.
  4. Change the privileges of the rsaadmin account using the command sudo su - root.
  5. When prompted, type the password for the rsaadmin operating system account, and press Enter.
  6. Navigate to /etc/ssh/ and press Enter.
  7. Open the sshd_config file in a text editor.
​login as: rsaadmin 
Using keyboard-interactive authentication. 
Password: <enter operating system password> 
Last login: Mon Mar 13 16:19:24 2017 from jumphost.vcloud.local 
RSA Authentication Manager Installation Directory: /opt/rsa/am 
rsaadmin@am82p:~> sudo su - root 
rsaadmin's password: <enter operating system password>
am82p:~ # cd /etc/ssh/
am82p:/etc/ssh # vi sshd_config
  1. Search for the keyword Banner.
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
AllowUsers rsaadmin
/Banner
  1. Add or change the line to what is shown here: 
​...
...
# no default banner path
Banner /opt/rsa/am/utils/etc/ssh-banner
...
...
  1. Save the change by typing :wq!
  2. Restart the sshd service:
service sshd restart
  1. Confirm that the change took effect by launching the SSH client and connecting to the appliance using the IP address or fully qualified hostname.  The updated banner information created in /opt/rsa/am/utils/etc/ssh-banner-sample should display.   Here it now reads" Authorized Usage Only - RSA Customer Support."
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password> 
Authorized Usage Only  - RSA Customer Support
Last login: Fri Mar 10 12:12:59 2017
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~>
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 11:48 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.