Netgate Discussion Forum

    How to change SSH banner? [SOLVED…the ugly way]

    General pfSense Questions
    • alphazo

      Hello,

      Moved from M0n0 to pfSense after 3 years.

      How can I permanently change the SSH banner from "SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110" to "Welcome Home"?

      I added a ssh-banner file and added
      ```
      Banner /etc/ssh/sshd-banner
      ```

      Can someone give me a hint?
      
      Thanks
      Dany
      • jamesdean

        The file that rewrites the /etc/ssh/sshd_config is located at /etc/sshd.

        Backup /etc/sshd before starting
        Edit /etc/sshd

        Find the following lines, should be line 86
        ```
        /* Include default configuration for pfSense */
        $sshconf = "# This file is automatically generated at startup\n";
        ```

        Then add your extra options just below the said lines.
        ```
        $sshconf .= "Banner /etc/ssh/banner\n";
        $sshconf .= "VersionAddendum this is a private network\n";
        ```

        Banner is the message during login

        VersionAddendum is the sshd helo response when connected. Usually sshd says the version of the OS as a helo.
        I don't like that so I always change it.

        • alphazo

          Thanks a lot. I'm actually traveling so I'll have to test it when I return home.

          Dany

          • alphazo

            Hi Jamesdean,

            It worked as advertised.

            Now that "FreeBSD…" has been replaced by custom text, is there any way to get rid of the leading "SSH-2.0-OpenSSH_4.5p1" when you do a telnet to the box?

            Thanks again
            Dany

            • alphazo

              Ok I did it…. the (very) ugly way ! :-[

              I opened my favorite hex editor and patched the pfSense img file to replace all references to "OpenSSH_4.5p1" by "KEEP OUT    ". String lengths were not modified. Now when I telnet to the box I get "SSH-2.0-KEEP OUT".

              I feel bad about this...I just wanted to see if this would work. Anyway if someone knows a more elegant way to get the above result I'll be glad to forget about this episode.

              Cheers
              Dany

              • jamesdean

                Danny

                You should never remove the SSH-2.0-OpenSSH_4.5p1. Some SSH clients use this to figure out what options your SSHD server supports. In the past I have changed SSH-2.0-OpenSSH_4.5p1 to SSH-2.0 and never encountered an SSH client that breaks because of that change, but you never know. The clean way to change the SSH-2.0-OpenSSH_4.5p1 is to edit the SSHD source code.

                laterz
                JamesDean
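
An added example, not part of the thread or of pfSense: a Python parser for the identification line discussed above, following the RFC 4253 layout `SSH-protoversion-softwareversion SP comments`. It shows that `VersionAddendum` only replaces the comments field and that the hex-patched `SSH-2.0-KEEP OUT` parses as software `KEEP` with comment `OUT`; the function names and the sample list are assumptions of this example.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# protoversion and softwareversion: printable US-ASCII, no whitespace, no '-'.
ID_RE = re.compile(r"^SSH-([!-,.-~]+)-([!-,.-~]+)(?: (.*))?$")
MAX_ID_LEN = 255  # RFC 4253 limit for the whole line, CR LF included

def parse_ident(line: bytes) -> dict:
    """Split an SSH identification line into its RFC 4253 fields."""
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    m = ID_RE.match(text)
    if m is None or len(text) + 2 > MAX_ID_LEN:
        return {"valid": False, "raw": text}
    proto, software, comments = m.groups()
    return {"valid": True, "raw": text, "proto": proto,
            "software": software, "comments": comments or ""}

def disclosures(ident: dict) -> list:
    """List what the line reveals to a peer before any authentication."""
    if not ident["valid"]:
        return ["not in RFC 4253 form (softwareversion field missing or bad)"]
    found = []
    if re.search(r"\d+\.\d+", ident["software"]):
        found.append("server software version: " + ident["software"])
    if re.search(r"(?i)bsd|linux|ubuntu|debian", ident["comments"]):
        found.append("operating system hint: " + ident["comments"])
    return found

def read_ident(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Fetch the identification line from an sshd you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        stream = s.makefile("rb")
        for _ in range(20):  # a server may send other lines before "SSH-"
            line = stream.readline(MAX_ID_LEN)
            if not line or line.startswith(b"SSH-"):
                return line
    return b""

# Sample lines constructed from the values quoted in the thread.
SAMPLES = [
    b"SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110\r\n",
    b"SSH-2.0-OpenSSH_4.5p1 this is a private network\r\n",
    b"SSH-2.0-KEEP OUT\r\n",
    b"SSH-2.0\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ident = parse_ident(sample)
        print(ident["raw"], "->", ident, disclosures(ident))
```

After editing `/etc/sshd`, `disclosures(parse_ident(read_ident(host)))` run against your own firewall confirms what the daemon now announces before authentication.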

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.