UNIX – Set SSH Banner

ByDavid Kittell
| | | | | | | | | | 
# Switch to root user
sudo -s

echo -e "\033[01m\e[4mType your desired hostname for the server, followed by [ENTER]:\e[0m\033[0m"
read hostname
sudo hostnamectl set-hostname --static "$hostname"
sudo hostnamectl set-hostname "$hostname"
hostnamectl status

companyname="Kittell.net"

declare OSVer=$(cat /etc/redhat-release)

declare sCPU=$(grep -c ^processor /proc/cpuinfo )
# echo "CPU: $sCPU"
declare sRamGB=$(cat /proc/meminfo | grep MemTotal | cut -d ":" -f 2 |  tr -d '[:space:]' | sed 's/.\{2\}$//'  | awk '{$1=$1/(1024^2); print int($1+0.5),"GB";}')

if [ "$sRamGB" == "0 GB" ]; then
sRamGB=$(cat /proc/meminfo | grep MemTotal | cut -d ":" -f 2 |  tr -d '[:space:]' | sed 's/.\{2\}$//' | awk '{ foo = $1 / 1024 ; print foo " MB" }')
fi
echo "Memory (RAM): $sRamGB"

declare netAdapter=$(nmcli device status | grep en | cut -d " " -f1)
if [ -z "$netAdapter" ]; then
netAdapter=$(nmcli device status | grep eth | cut -d " " -f1)
fi
declare netIP=$(/sbin/ip -o -4 addr list $netAdapter | awk '{print $4}' | cut -d/ -f1)
declare netIPv6=$(ifconfig $netAdapter | grep 'inet6' |awk '{print $2}' | cut -d/ -f1|tr '\n' ' ')
#declare netCIDR=$(/sbin/ip -o -4 addr list $netAdapter | cut -d ' ' -f7)
declare netMask=$(ipcalc -m $netIP | cut -d '=' -f2)
declare netCIDR=$(ipcalc -p $netIP $netMask | cut -d '=' -f2)
declare netWork=$(ipcalc -n $netIP $netMask | cut -d '=' -f2)
declare banner=$(cat <<EOF
$OSVer
       CPU: $sCPU
    Memory: $sRamGB
  Hostname: $(hostname)

Network Information
   Adapter: $netAdapter
     IP v6: $netIPv6
     IP v4: $netIP
   Netmask: $netMask
      CIDR: ${netWork}/${netCIDR}


EOF
)
echo "$banner"
echo -e "$banner"|sudo tee /etc/motd
clear
cat /etc/motd

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo sed -i "s|#Banner none|Banner /etc/banner|" /etc/ssh/sshd_config
sudo sed -i "s|#Banner /etc/issue.net|Banner /etc/banner|" /etc/ssh/sshd_config

sudo systemctl restart sshd.service

companyPolicy="$(echo $companyname)\n\r\n\rWARNING\n\rThis computer system is the property of $(echo $companyname). It may be accessed and used only for authorized $(echo $companyname) business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil and/or administrative disciplinary action.\n\r\n\r$(echo $companyname) may monitor or log any activity or communication on the system and retrieve any information stored within the system.  By accessing and using this computer, you are consenting to such monitoring and information retrieval for law enforcement and other purposes. All information accessed via this system should be considered confidential unless otherwise indicated. Access or use of this computer system by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy in this system.\n\r\n\rNOTE: By logging into this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.\n"
clear
echo -e "$companyPolicy" |  tee /etc/banner

# Switch to root user
su

companyname="Kittell.net"

# Get Hardware Version
RPiVersion=$(cat /proc/device-tree/model)
echo $RPiVersion

#lsb_release -a
OS=$(lsb_release -i | cut -d ":" -f2 | tr -d '[:space:]')
OSCode=$(lsb_release -c | cut -d ":" -f2 | tr -d '[:space:]')
OSVer=$(lsb_release -r | cut -d ":" -f2 | tr -d '[:space:]')
echo "$OS $OSCode $OSVer"

declare sCPU=$(grep -c ^processor /proc/cpuinfo )
#echo "CPU: $sCPU"
declare sRamGB=$(cat /proc/meminfo | grep MemTotal | cut -d ":" -f 2 |  tr -d '[:space:]' | sed 's/.\{2\}$//'  | awk '{$1=$1/(1024^2); print int($1+0.5),"GB";}')

if [ "$sRamGB" == "0 GB" ]; then
sRamGB=$(cat /proc/meminfo | grep MemTotal | cut -d ":" -f 2 |  tr -d '[:space:]' | sed 's/.\{2\}$//' | awk '{ foo = $1 / 1024 ; print foo " MB" }')
fi

apt install -y ipcalc

echo "Memory (RAM): $sRamGB"

# Network Variables - Start
# All Network Adapters
NetworkPorts=$(ip link show | grep '^[a-z0-9]' | awk -F : '{print $2}')
echo $NetworkPorts

/sbin/ip -o -4 addr list $netAdapter | awk '{print $4}' | cut -d/ -f1 > /tmp/netIP.txt
netIPFiltered=$(cat /tmp/netIP.txt | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}')
echo $netIPFiltered

banner=$(echo "$RPiVersion\n")
banner=${banner}$(echo "    OS:              $OS $OSCode $OSVer\n")
banner=${banner}$(echo "    Hostname:        $(hostname)\n")
banner=${banner}$(echo "    CPU:             $sCPU\n")
banner=${banner}$(echo "    Memory (RAM):    $sRamGB\n\n")
banner=${banner}$(echo "Network Information\n")

for val in $(echo $NetworkPorts); do   # Get for all available hardware ports their status
echo "Current Interface: $val"
#netActive=$(ifconfig $val | grep "inet.*broadcast" -B1 | grep "Link" | cut -d " " -f1)
netActive=$(ifconfig $val | grep "inet.*broadcast" -B1 | grep "mtu" | cut -d ":" -f1)
#echo $netActive

if [ "$netActive" == "$val" ]
then
netIP=$(/sbin/ip -o -4 addr list $val | awk '{print $4}' | cut -d/ -f1|tr '\n' ' ')
netIPv6=$(ifconfig $val | grep 'inet6' | grep 'global'  |awk '{print $2}' | cut -d/ -f1|tr '\n' ' ')
#declare netMask=$(ipcalc -m $netIP | cut -d '=' -f2)
#netMask=$(ifconfig "$netAdapter" | sed -rn '2s/ .*:(.*)$/\1/p') # Debian 8
#netMask=$(ifconfig "$val" | grep "inet.*broadcast" | cut -d " " -f13) # Debian 9
netMask=$(ifconfig "$val" | grep netmask | cut -d ' ' -f13) # Debian 9

netCIDR=$(ipcalc $netIP/$val | grep "Netmask:" | cut -d "=" -f2 | cut -d " " -f2 | tr -d '[:space:]')
netWork=$(ipcalc $netIP/$val | grep "Network:" | cut -d "/" -f1 | cut -d " " -f4 | tr -d '[:space:]')

banner=${banner}$(echo "    Adapter:         $val\n")
banner=${banner}$(echo "    IP v6:           $netIPv6\n")
banner=${banner}$(echo "    IP v4:           $netIP\n")
banner=${banner}$(echo "    Netmask:         $netMask\n")
banner=${banner}$(echo "    CIDR:            $netWork/$netCIDR\n\n")
fi
done

echo -e $banner
#sudo rm /etc/banner
echo -e "$banner"|sudo tee /etc/motd
clear
cat /etc/motd

#sudo touch /etc/banner
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo sed -i "s|#Banner none|Banner /etc/banner|" /etc/ssh/sshd_config
sudo sed -i "s|#Banner /etc/issue.net|Banner /etc/banner|" /etc/ssh/sshd_config

sudo /etc/init.d/ssh restart

companyPolicy="$(echo $companyname)\n\r\n\rWARNING\n\rThis computer system is the property of $(echo $companyname). It may be accessed and used only for authorized $(echo $companyname) business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil and/or administrative disciplinary action.\n\r\n\r$(echo $companyname) may monitor or log any activity or communication on the system and retrieve any information stored within the system.  By accessing and using this computer, you are consenting to such monitoring and information retrieval for law enforcement and other purposes. All information accessed via this system should be considered confidential unless otherwise indicated. Access or use of this computer system by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy in this system.\n\r\n\rNOTE: By logging into this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.\n"
clear
echo -e "$companyPolicy" |  tee /etc/banner
cat /etc/banner

Obviously it will be slightly different depending on your network and version but it will look something like this.

Kittell.net

WARNING
This computer system is the property of Kittell.net. It may be accessed and used only for authorized Kittell.net business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil and/or administrative disciplinary action.

Kittell.net may monitor or log any activity or communication on the system and retrieve any information stored within the system.  By accessing and using this computer, you are consenting to such monitoring and information retrieval for law enforcement and other purposes. All information accessed via this system should be considered confidential unless otherwise indicated. Access or use of this computer system by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy in this system.

NOTE: By logging into this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.

pi@192.168.1.2's password:

After you login you will see the below

Linux  4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l
Raspberry Pi 3 Model B Rev 1.2
    OS:              Raspbian stretch 9.8
    Hostname:        
    CPU:             4
    Memory (RAM):    1 GB

Network Information
    Adapter:         eth0
    IP:              192.168.1.2
    Netmask:         255.255.255.0
    CIDR:            192.168.1.0/24

    Adapter:         wlan0
    IP:              192.168.1.3
    Netmask:         255.255.255.0
    CIDR:            192.168.1.0/24


Last login: Mon Mar 25 06:43:47 2019 from 10.40.20.227
Originally Posted on January 17, 2018
Last Updated on May 4, 2025
All information on this site is shared with the intention to help. Before any source code or program is ran on a production (non-development) system it is suggested you test it and fully understand what it is doing not just what it appears it is doing. I accept no responsibility for any damage you may do with this code.