OpenSSH 5.1 banner

anrxc · 2009-01-01 19:40:28

Anyone knows what happened between openssh 5.0 and 5.1 regarding the picture. OpenSSH changelog didn't offer much clues.

rson451 · 2009-01-02 11:48:09

http://xs135.xs.to/xs135/09015/untitled476.png

Works here. My MOTD can be found here: http://rsontech.net/motd

anrxc · 2009-01-02 17:09:51

Ofcourse, but what about OpenSSH 5.1 client?

rson451 · 2009-01-02 17:13:43

That is the client. I can ssh to localhost with it and it still works.

anrxc · 2009-01-02 18:47:49

That is the client.

All I saw was putty.

I can ssh to localhost with it and it still works.

So it works for you, and for everyone else it appears for I wasn't able to find one mention of this. I have a Slackware machine with 5.0 and there it works while on Arch with 5.1 it doesn't. It stopped working some 6 months ago, with the upgrade from 5.0.

anrxc · 2009-01-03 17:58:39

I was wrong, I'm not the only person to notice this. Newer Slackware versions also have OpenSSH 5.1 and I found a topic where some fellow makes inquiries about this http://www.linuxquestions.org/questions … ns-663495/

There they refer to LFS documentation http://www.linuxfromscratch.org/blfs/vi … logon.html where is said that certain escape sequences in issue.net will not be interpreted (the ones that are interpreted on login from /etc/issue)... but this was always true, while colors worked.

Then I went on to read ssh rfc's and found:

5.4. Banner Message
...
The SSH server may send an SSH_MSG_USERAUTH_BANNER message at any
time after this authentication protocol starts and before
authentication is successful. This message contains text to be
displayed to the client user before authentication is attempted. The
format is as follows:
byte SSH_MSG_USERAUTH_BANNER
string message in ISO-10646 UTF-8 encoding [RFC3629]
string language tag [RFC3066]
...
If the 'message' string is displayed, control character filtering,
discussed in [SSH-ARCH], SHOULD be used to avoid attacks by sending
terminal control characters.
...
[SSH-ARCH]
9.2. Control Character Filtering
When displaying text to a user, such as error or debug messages, the
client software SHOULD replace any control characters (except tab,
carriage return, and newline) with safe sequences to avoid attacks by
sending terminal control characters.

If there was a change in 5.1 and filtering - it wasn't documented in the Changelog. I'm certainly not the only person with a colored banner and I expected that more people will ask about this, but 6 months later there was none of it so I decided to post here.

PiousMinion · 2009-09-29 21:55:24

So....
Has no one found a workaround for this?

I want a warning/message BEFORE they gain access to my system. While having color is preferable, this limitation also impacts my ability to include my message in other languages.

The banner I'm trying to get working correctly can be found here: http://bbs.archlinux.org/viewtopic.php? … 09#p619409
Try it out for yourself and see how mangled the entire thing looks due to the other languages.

Arch Linux

#1 2009-01-01 19:40:28

OpenSSH 5.1 banner

#2 2009-01-02 11:48:09

Re: OpenSSH 5.1 banner

#3 2009-01-02 17:09:51

Re: OpenSSH 5.1 banner

#4 2009-01-02 17:13:43

Re: OpenSSH 5.1 banner

#5 2009-01-02 18:47:49

Re: OpenSSH 5.1 banner

#6 2009-01-03 17:58:39

Re: OpenSSH 5.1 banner

#7 2009-09-29 21:55:24

Re: OpenSSH 5.1 banner

Board footer