How to disable the Linux login banner

Looking to eke out as much security as you can from your Linux servers? Jack Wallen shows you how you can limit the information would-be ne'er-do-wells get by disabling the login banner.

Securing a laptop

Image: iStock/structuresxx

When you log in to Linux, either by way of SSH or the console, you are greeted with a banner that offers up a few important bits of information. If you're doing everything you can to secure that Linux server, the information shared by that banner can be a gold mine to ne'er do wells and would-be attackers. Information like kernel release, distribution type, available updates, and more can be revealed. 

So how do you prevent that information from being displayed when users log into your Linux systems? Let me show you. 

SEE: Checklist: Securing digital information (TechRepublic Premium)

The most effective way to do this is by way of creating a per-user file that disables the login banner. To do that, log in to your Linux server and issue the command: 

sudo touch /home/USER/.hushlogin 

Where USER is the name of the user who logs into the machine. The next time that user logs in to the system, they will no longer see the banner. That method works great if you only have a few users. 

If you're on a system that houses a large number of users, you need a more efficient way of handling this task. For that, you will first open the sshd_config file with the command: 

sudo nano /etc/ssh/sshd_config

In that file, remove the # character before the line PrintMotd no and then add the line PrintLastLog no below it. 

Save and close the file. On Red Hat distributions, restart SSH with the command:

sudo systemctl restart ssh on Ubuntu distributions and sudo systemctl restart sshd

Next, open the PAM SSH config file with the command: 

sudo nano /etc/pam.d/sshd

In that file, comment out (by adding a # character) the line session optional pam_motd.so motd=/run/motd.dynamic and the line session optional pam_motd.so noupdate

With these configurations in place, it won't matter who logs into your Linux machine, they won't see the banner. This is just a tiny step forward in gaining more security on your Linux servers, but even small progress is still progress.

Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see