want SSH banner to show up before OTP and password request

Question

We use two-factor-authentication for some servers, i.e. OTP (one time password) token plus password.

I want to provide users with some informations BEFORE they are asked for their credentials. With single factor authentication this can easily be done with the usual banner, e.g. as a file like /etc/ssh/sshd_banner with the according text, and in /etc/ssh/sshd_config with something like

Banner /etc/ssh/sshd_banner

Unfortunately it does not seem to work with 2FA. The banner & config are in place, but the login procedure looks like this:

Using keyboard-interactive authentication.

Your OTP: ******

Using keyboard-interactive authentication.

Password: **********

here comes the banner text, too late:

Login on this host as <x-userid> & OTP, proceed to your hosts as <userid>

Last login: Wed Mar 29 11:48:34 2017 from xxx.xxx.xxx.xxx
x-xyz@host:~>

score 4 · Accepted Answer · answered Mar 29 '17 at 17:21

4

Did you try putting the banner in /etc/issue.net? This should displayed before anything else.

answered Mar 29 '17 at 17:21

allo

1,524
1
19
35

want SSH banner to show up before OTP and password request

1 Answers1