774 – banner is displaying twice (/etc/issue)

Bug 774 - banner is displaying twice (/etc/issue)

Summary: banner is displaying twice (/etc/issue)

Status:	CLOSED INVALID

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	3.7.1p1
Hardware:	All Solaris

Importance:	P2 security
Assignee:	OpenSSH Bugzilla mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-12-16 15:14 AEDT by Srinivas Musunuru
Modified:	2004-04-14 12:24 AEST (History)
CC List:	0 users

See Also:

Attachments
("ssh -vvv" yourserver) and attach (note: use (8.37 KB, text/plain) 2003-12-16 17:15 AEDT, Srinivas Musunuru	no flags	Details
("ssh -vvv" yourserver) and attach (note: use (8.37 KB, text/plain) 2003-12-16 17:15 AEDT, Srinivas Musunuru	no flags	Details
("ssh -vvv" yourserver) and attach (note: use (8.37 KB, text/plain) 2003-12-16 17:15 AEDT, Srinivas Musunuru	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Srinivas Musunuru 2003-12-16 15:14:37 AEDT

Hi,

 We are having problem with banner (/etc/issue)... it is displaying twice when 
we login to the server by using ssh.. we also edited sshd_config file and 
added this information (PrintMotd no) and restarted the sshd daemon .. still 
the problem exists... pls help me to fix this


Thanks in Advance,
srinivas

Comment 1 Ben Lindstrom 2003-12-16 15:26:18 AEDT

'banner' and  'PrintMotd' are two unreleated issues.  'banner' is used to 
display a pre-login message.

Are you seeing the message TWICE before logining in?

I'm not following what your extact issue is.

Comment 2 Srinivas Musunuru 2003-12-16 15:57:37 AEDT

Are you seeing the message TWICE before logining in?  YES

Comment 3 Darren Tucker 2003-12-16 16:01:44 AEDT

Which file does the "Banner" directive in sshd_config point to?  What are the
contents of that file?

Comment 4 Srinivas Musunuru 2003-12-16 16:16:27 AEDT

Which file does the "Banner" directive in sshd_config point to?  What are the
contents of that file? It is in sshd_config file (Banner /etc/issue)

sshd_config file contents

#       $Id: sshd_config,v 1.3 2002/10/18 22:37:52 root Exp $

#       $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 44321
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
#DSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys 
in /usr/local/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no
UsePrivilegeSeparation no

#MaxStartups 10:30:60
Banner /etc/issue
#ReverseMappingCheck yes

Subsystem       sftp    /usr/local/libexec/sftp-server

Comment 5 Srinivas Musunuru 2003-12-16 16:17:15 AEDT

Which file does the "Banner" directive in sshd_config point to?  What are the
contents of that file? It is in sshd_config file (Banner /etc/issue)

sshd_config file contents

#       $Id: sshd_config,v 1.3 2002/10/18 22:37:52 root Exp $

#       $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 44321
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
#DSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys 
in /usr/local/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no
UsePrivilegeSeparation no

#MaxStartups 10:30:60
Banner /etc/issue
#ReverseMappingCheck yes

Subsystem       sftp    /usr/local/libexec/sftp-server

Comment 6 Darren Tucker 2003-12-16 16:37:32 AEDT

Please run ssh with debugging ("ssh -vvv" yourserver) and attach (note: use
"create attachment", do not paste into the text field) the output to the bug.

Also, does ssh -q stop one or both banners?

Comment 7 Srinivas Musunuru 2003-12-16 17:15:15 AEDT

Created attachment 511 [details]
("ssh -vvv" yourserver) and attach (note: use

Please run ssh with debugging ("ssh -vvv" yourserver) and attach (note: use
"create attachment", do not paste into the text field) the output to the bug.


pls find the attachment (attachment name: ssh login)

Comment 8 Srinivas Musunuru 2003-12-16 17:15:20 AEDT

Created attachment 512 [details]
("ssh -vvv" yourserver) and attach (note: use

Please run ssh with debugging ("ssh -vvv" yourserver) and attach (note: use
"create attachment", do not paste into the text field) the output to the bug.


pls find the attachment (attachment name: ssh login)

Comment 9 Srinivas Musunuru 2003-12-16 17:15:23 AEDT

Created attachment 513 [details]
("ssh -vvv" yourserver) and attach (note: use

Please run ssh with debugging ("ssh -vvv" yourserver) and attach (note: use
"create attachment", do not paste into the text field) the output to the bug.


pls find the attachment (attachment name: ssh login)

Comment 10 Darren Tucker 2003-12-16 17:26:35 AEDT

The debugging shows the message is being displayed once before login as the SSH2
banner ("Banner /path/to/file" in sshd_config) and once as /etc/motd after login
(since you have "PrintMotd no" this is probably from you shell startup script,
probably /etc/profile).  If you don't want both, turn one off.

Comment 11 Darren Tucker 2004-01-06 19:11:05 AEDT

This appears to have been a local config problem and since there's been no
followup, I'm closing this bug.

Comment 12 Damien Miller 2004-04-14 12:24:20 AEST

Mass change of RESOLVED bugs to CLOSED