SSH client option to suppress server banners?

Question

I've read Stop ssh login from printing motd from the client?, however my situation is a bit different :

• I want to keep Banner /path/to/sometxt serverside
• I would like to pass an option under specific conditions so that Banner is not printed (eg ssh -o "PrintBanner=No" someserver).

Any idea?

Answer 1

There is a LogLevel option:

It silences the banner but you're still able to receive errors:

$ ssh -o LogLevel=error localhost 
Permission denied (publickey).

Answer 2

Update ~/.ssh/config with following to suppress banner

Host *
    LogLevel error

Answer 3

I 've tested it, I think u can use -q in the ssh command. Parameter -q was means Quiet mode. It causes most warning and diagnostic messages to be suppressed, e.g.

ssh -t '$node2' 'sudo cat xxx' |grep xxxxx" 2>/dev/null >/root/node2

or

ssh -t -q '$node2' 'sudo cat xxxx' |grep xxx" >/root/node2

Hope this can help others

Answer 4

Seems like you're looking for -q:

Quiet mode. Causes most warning and diagnostic messages to be suppressed.

ssh user@host
*------------------------------------------------------------------------------*
| banner: blah                                                                 |
*------------------------------------------------------------------------------*
Last login: Mon Oct  2 16:40:01 2017 from ipAddress
$

With -q

ssh -q user@host
Last login: Mon Oct  2 16:40:30 2017 from ipAddress
$

Nice and quiet. The banner is still configured but you're not bothered by it.

On another note: don't use banners. It's best not to confirm or deny anything. It won't help you with the people you weren't worried about and the people you are worried about will laugh as they work past it ;-)

Answer 5

You should be able to set a different Banner (to none) inside a Match block.

For instance:

Match Address 192.0.2.0/24
        Banner none

But this has to be done server-side, based on specific conditions. You can't do it from the client side.

Answer 6

For me, -o LogLevel=error was better than -q, because the latter suppresses the important error information (which you can then obtain only via exit code).

Compare this (without options): [root@myserver804 myuser1]# ssh targetserver1; echo "exit code=$?" @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:hvtR8Dl09aUeCeG2cT5EA8b+nbCOoV6h1DUON2vE63w. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /root/.ssh/known_hosts:1735 RSA host key for targetserver1 has changed and you have requested strict checking. Host key verification failed. exit code=255

with this (quiet) [root@myserver804 myuser1]# ssh -q targetserver1; echo "exit code=$?" exit code=255

with this (only log errors) [root@myserver804 myuser1]# ssh -o LogLevel=error targetserver1; echo "exit code=$?" @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:hvtR8Dl09aUeCeG2cT5EA8b+nbCOoV6h1DUON2vE63w. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /root/.ssh/known_hosts:1735 RSA host key for targetserver1 has changed and you have requested strict checking. Host key verification failed. exit code=255

So the conclusion is - if you are still interested in relevant errors, use -o LogLevel=error

Answer 7

Neither the -q or the -oLogLevel=error works.

What does work is to suppress STDERR

ssh hostname command 2>/dev/null

The downside, however, is that the STDERR suppression is applied to the entire command and not just the SSH program.

Answer 8

On a user basis you can suppress server banners by creating an empty file in a user's $HOME directory (/home/username/) called .hushlogin.

touch ~/.hushlogin

Answer 9

Try:

ssh -q

my ssh conections, do not get a banner message.

Answer 10

You can't. (At least not with stock OpenSSH)

The server banner is sent by the server before authentication happens. It's point is usually to contain a legal disclaimer or similar "If you're not authorized disconnect NOW" type message, or other critical things you don't want the remote user to be able to suppress/ignore.

If you really want to get rid of this you will need to hack and compile your own customized version of the SSH client.

Answer 11

Just call a shell, that should suppress the banner.

ssh you@someplace.com /bin/bash

Note though, for me at least, my $PS1 doesn't get set, so it looks like it's hanging. I had to type a couple of commands to verify that it was working.

Answer 12

For me -q did the trick and I was still able to work with the output saved to a file.

ssh -q root@server28 "ls -alF /dr_mksysb |egrep -v \"total|lost+found|./|../\" |awk '{print \$NF}' |sed 's/.\$//g'" > ${basedir}/28.list