Stop ssh login from printing motd from the client?

ssh bash linux

I've got SSH passwordless set up, however it prints the MoTD when it logs in. Is there anyway to stop that happening from the client side?

I've tried ssh -q but that doesn't work. I don't want to use ~/.hushlogin nor do I want to change the server set up. The only thing that can work is to quiet all output, with >/dev/null 2>&1. However, I don't want to ignore errors in case there actually is a problem. Even doing >/dev/null doesn't work, since ssh seems to print the motd to the stderr.

Update & reasoning I'm running backup in a cron. I don't want to get a cron email unless an error has occured. However if the motd is printed I'll get an email all the time.

I want to keep the motd being printed because that has legal implications. The motd says "unathorized access prohibited". You need to have this sort of statement in there to legally prevent people from access it (like a no trespassing sign). Hence I don't want to blanket disable it all the time.


Solution 1:

I'm not sure why you have an aversion to doing this correctly - either on the server a la

PrintMotd no
PrintLastLog no

and

#/etc/pam.d/ssh
# Print the message of the day upon successful login.
# session    optional     pam_motd.so

Or adding ~/.hushlogin for each user.

Hint, for ~/.hushlogin, add it to /etc/skel so new user home directories are created with the file.

Update:

Without more information about your backup cron job, my only other suggestion is to redirect the output of the command to a file (or let cron capture it in email) and the output of the ssh session to /dev/null. Something like:

0 0 * * * ssh backuphost "backup_script_that_writes_to_a_log" >/dev/null

Or

0 0 * * * ssh backuphost "backup_command 2>&1" >/dev/null

I'd have to play around with the commands a bit, but that should get you started.

Solution 2:

If you want this on a per-user basis, just do a touch ~/.hushlogin and you're all set with OpenSSH.

Update: As pointed out elsewhere, pam_motd may be configured to not use a per-user .hushlogin; check /etc/login.defs for HUSHLOGIN_FILE. It may be configured to have all users listed in /etc/hushlogins or similar.

Related

The IT Manager is Leaving - What do I lockdown?
Need to add a "Wait" command to a Powershell script
When building from Dockerfile, Debian/Ubuntu package install debconf Noninteractive install not allowed
What is the best nginx compression gzip level?
PECL command produces long list of errors
What are the pros and cons of having your own UPS attached to your own server hosted in a data center?
Why do we still have such small email attachment filesize restrictions? [closed]
How exactly & specifically does layer 3 LACP destination address hashing work?
Temporarily disable ssh public key authentication from client
Windows 7: "localhost name resolution is handled within DNS itself". Why?
Extracting files from CloneZilla images
How is fire spread in server rooms and datacenters?