Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to change SSH banner? [SOLVED…the ugly way]

    General pfSense Questions
    2
    6
    23.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alphazo
      last edited by

      Hello,

      Moved from M0n0 to pfSense after 3 years.

      How can I permanently change the SSH banner from "SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110" to "Welcome Home"

      I added a ssh-banner file and added```
      Banner /etc/ssh/sshd-banner

      
Can someone give me a hint ?

Thanks
Dany
      1 Reply Last reply Reply Quote 0
      • J
        jamesdean
        last edited by

        The file that rewrites the /etc/ssh/sshd_config is located at /etc/sshd.

        Backup /etc/sshd before starting
        Edit /etc/sshd

        Find the folowing lines, should be line 86
          /* Include default configuration for pfSense */
          $sshconf = "# This file is automatically generated at startup\n";

        Then add your extra options just below the said lines.
          $sshconf .= "Banner /etc/ssh/banner\n";
          $sshconf .= "VersionAddendum this is a private network\n";

        Banner is the message during login

        VersionAddendum is the sshd helo reponse when connected. Ussally sshd says version of the OS as a helo.
        I don't like that so I always change it.

        1 Reply Last reply Reply Quote 0
        • A
          alphazo
          last edited by

          Thanks a lot. I'm actually traveling so I'll have to test it when I return home.

          Dany

          1 Reply Last reply Reply Quote 0
          • A
            alphazo
            last edited by

            Hi Jamesdean,

            It worked as advertised.

            Now that "FreeBSD…" has been replaced by custom text, is there any way to get rid of the leading "SSH-2.0-OpenSSH_4.5p1" when you do a telnet to the box?

            Thanks again
            Dany

            1 Reply Last reply Reply Quote 0
            • A
              alphazo
              last edited by

              Ok I did it…. the (very) ugly way ! :-[

              I opened my favorite Hex editor and patched the pfsense img file to replace all references to "OpenSSH_4.5p1" by "KEEP OUT    ". String lengths were not modified. Now when I telnet to the box I get  "SSH-2.0-KEEP OUT".

              I feel bad about this...I just wanted to see if this would work. Anyway if someone knows a more elegant way to get the above result I'll be glad to forget about this episode.

              Cheers
              Dany

              1 Reply Last reply Reply Quote 0
              • J
                jamesdean
                last edited by

                Danny

                You should never remove the SSH-2.0-OpenSSH_4.5p1. Some SSH clients use this to figure out what options your SSHD server supports. In the past I have changed  SSH-2.0-OpenSSH_4.5p1 too SSH-2.0 and never encountered a SSH client that brakes because of that change, but you never know. The clean way to change the SSH-2.0-OpenSSH_4.5p1 is to edit the SHHD source code.

                laterz
                JamesDean

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.