Configure SSH Custom Login Banner on Ubuntu Linux

This article provides a straightforward, step-by-step guide on how to configure your SSH server on Ubuntu Linux to display a custom text banner before a user logs in. You will learn how to create the custom banner text file, modify the SSH daemon configuration, and restart the service to apply your changes.

Step 1: Create the Custom Banner File

The SSH banner is a simple text file that contains the message you want to display to users. While you can use the default /etc/issue.net file, creating a dedicated SSH banner file keeps your configurations organized.

Open a terminal and create a new text file using a text editor such as Nano:

sudo nano /etc/ssh/sshd-banner

Type or paste your custom warning or welcome message into this file. For example:

********************************************************************
* WARNING: Authorized Access Only!                                 *
* This system is private and secure. All activities are logged.    *
* Unauthorized access attempts will be prosecuted to the full     *
* extent of the law.                                               *
********************************************************************

Save and close the file. In Nano, you can do this by pressing Ctrl+O, Enter, and then Ctrl+X.

Step 2: Enable the Banner in SSH Configuration

Next, you need to instruct the SSH daemon to load and display your new banner file before authentication.

Open the primary SSH configuration file:

sudo nano /etc/ssh/sshd_config

Scroll through the file or search for the word Banner (in Nano, press Ctrl+W and type Banner).

By default, the line might be commented out with a # symbol, looking like this:

#Banner none

Uncomment the directive by removing the # and specify the path to your custom banner file:

Banner /etc/ssh/sshd-banner

Save and close the SSH configuration file.

Step 3: Test and Restart the SSH Service

Before restarting the SSH service, it is good practice to test the configuration syntax for errors:

sudo sshd -t

If the command returns no output, your configuration is correct. Now, restart the SSH daemon to apply the changes:

sudo systemctl restart ssh

Step 4: Verify the Changes

To verify that the custom banner is working, open a new terminal window and connect to your Ubuntu server via SSH:

ssh username@your_server_ip

Before you are prompted to enter your password, your custom login banner will be displayed in the terminal.