We use two-factor-authentication for some servers, i.e. OTP (one time password) token plus password.
I want to provide users with some informations BEFORE they are asked for their credentials. With single factor authentication this can easily be done with the usual banner, e.g. as a file like /etc/ssh/sshd_banner with the according text, and in /etc/ssh/sshd_config with something like
Banner /etc/ssh/sshd_banner
Unfortunately it does not seem to work with 2FA. The banner & config are in place, but the login procedure looks like this:
Using keyboard-interactive authentication.
Your OTP: ******
Using keyboard-interactive authentication.
Password: **********
here comes the banner text, too late:
Login on this host as <x-userid> & OTP, proceed to your hosts as <userid>
Last login: Wed Mar 29 11:48:34 2017 from xxx.xxx.xxx.xxx
x-xyz@host:~>