
Set a security banner for SSH logins on a Linux server (like an EC2 instance running Amazon Linux or RHEL/CentOS), and configure the SSH daemon to show this banner and enforce a client keepa

Steps

- Creates a login banner at /etc/issue.net.
- Sets permissions for that file.
- Configures SSHD (/etc/ssh/sshd_config) to use this banner.
- Backs up the SSH config file.
- Sets ClientAliveInterval to 300 seconds (5 minutes) to disconnect idle sessions.

Prerequisites

Before running the script:

- You must have SSH access to the target Linux server.
- You need sudo privileges on the target server.
- Port 22 (SSH) must be open in the security group (for EC2).

How to Use It

Assume you are running the script from your local machine and applying it to a remote EC2 instance.

Script

```bash
#!/bin/bash
# Usage (from your local machine): ssh ec2-user@ 'bash -s' < set-banner.sh

BANNER_PATH="/etc/issue.net"
SSH_CONFIG="/etc/ssh/sshd_config"
BACKUP="/etc/ssh/sshd_config.bak.$(date +%s)"

# Write the banner; sudo tee is used because only root can write under /etc
sudo tee "$BANNER_PATH" > /dev/null << 'EOF'

You are accessing a company Information System ("IS") that is provided for company authorized use only. Users of this IS have no expectation of privacy while using this IS and all activities on this IS are subject to monitoring, recording, and auditing. Unauthorized use of this IS is strictly prohibited and may result in disciplinary action and civil/criminal penalties. By continuing to use this IS you indicate your awareness of and consent to these terms and conditions of use. If you do not agree to the conditions stated in this notice, log off immediately.

EOF

# Set permissions
sudo chmod 644 "$BANNER_PATH"

# Back up the SSH config before editing it
sudo cp "$SSH_CONFIG" "$BACKUP"

# Enable banner in SSH
if sudo grep -q "^Banner" "$SSH_CONFIG"; then
    sudo sed -i 's|^Banner.*|Banner /etc/issue.net|' "$SSH_CONFIG"
else
    echo "Banner /etc/issue.net" | sudo tee -a "$SSH_CONFIG" > /dev/null
fi

# Replace or append the settings
sudo sed -i '/^ClientAliveInterval/d' "$SSH_CONFIG"
sudo sed -i '/^#ClientAliveInterval/d' "$SSH_CONFIG"
echo "ClientAliveInterval 300" | sudo tee -a "$SSH_CONFIG"
```

Save the script to a file called set-banner.sh on your local machine.

```bash
chmod +x set-banner.sh
```

Run the Script Remotely via SSH

Replace with your EC2 instance's public IP or DNS name.

```bash
ssh ec2-user@ 'bash -s' < set-banner.sh
```

💡 Use ubuntu@ if the instance is Ubuntu.

Post-Script Manual Step

After the script runs, restart the SSH service on the remote server:

```bash
sudo systemctl restart sshd
```

Or, on some systems:

```bash
sudo service sshd restart
```

Files Modified or Created

| File | Purpose |
| --- | --- |
| /etc/issue.net | Contains the SSH login banner text |
| /etc/ssh/sshd_config | SSH daemon configuration |
| /etc/ssh/sshd_config.bak. | Backup before editing |

Resulting Configuration

In /etc/ssh/sshd_config, you will see:

```
Banner /etc/issue.net
ClientAliveInterval 300
```

Verification Steps

1. Log in to the server via SSH again:

```bash
ssh ec2-user@
```

You should see the banner message before the shell prompt.

2. Confirm the SSH config:

```bash
grep -Ei 'banner|clientaliveinterval' /etc/ssh/sshd_config
```
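The grep in the last verification step also matches commented-out lines and lines that sit inside a `Match` block, and the script appends its settings to the end of the file. The following added example (not part of the original script; the function names `global_value` and `check_hardening` and both sample configs are constructed for illustration) reads a config the way sshd does for global scope and flags settings that landed after a `Match` line:

```shell
#!/bin/bash
# Added example, not part of the original script. Assumed helper names:
# global_value, check_hardening. Both sample configs below are constructed.
#
# sshd takes the first value it reads for a keyword, and every line after a
# "Match" line belongs to that block, so grep alone can report a setting
# that is not in effect globally.

# Print the global-scope value of a keyword (case-insensitive) from one file.
# Limitation: Include directives are not followed.
global_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/   { next }            # blank line or comment
        tolower($1) == "match" { exit }            # global scope ends here
        tolower($1) == want    { print $2; exit }  # first occurrence wins
    ' "$2"
}

# Succeed only if both settings from this page are in effect globally.
check_hardening() {
    [ "$(global_value Banner "$1")" = "/etc/issue.net" ] &&
    [ "$(global_value ClientAliveInterval "$1")" = "300" ]
}

# Constructed sample: settings appended to a file that ends in a Match block.
appended_cfg=$(mktemp)
cat > "$appended_cfg" << 'EOF'
#ClientAliveInterval 0
PasswordAuthentication no
Match User deploy
    X11Forwarding no
Banner /etc/issue.net
ClientAliveInterval 300
EOF

# Constructed sample: the same settings placed before the Match block.
global_cfg=$(mktemp)
cat > "$global_cfg" << 'EOF'
PasswordAuthentication no
banner /etc/issue.net
ClientAliveInterval 300
Match User deploy
    X11Forwarding no
EOF

for cfg in "$appended_cfg" "$global_cfg"; do
    if check_hardening "$cfg"; then echo "$cfg: effective"; else echo "$cfg: NOT effective globally"; fi
done
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the settings sshd actually resolves, including `clientalivecountmax`, the number of unanswered probes after which a session is dropped.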
