Authentication Service, Mac & PC Management Service, Auditing and Monitoring Service
000001994
KB-1387: How do I enable or disable Centrify SSH banner
Applies to: DirectControl-Enabled OpenSSH
Question:
How do I enable/disable SSH banner in Centrify OpenSSH
Answer:
If you wish to do it on all servers, you can do it via a GP by following the below steps. If you wish to do it on one server or a few server, please follow step 5.
1) Use the SSH Settings group policies to manage different aspects of secure shell (ssh) authentication.
2) The SSH Settings group policies are defined in the centrify_unix_settings.xml administrative template.
3) When you set SSH Settings group policies, parameters are set in the secure shell configuration file, /etc/centrifydc/ssh/sshd_config, not in the Centrify DirectControl configuration file centrifydc.conf.
4) The "Set banner path" can be enabled or disabled for a remote user requesting authentication.Typically, the file contains a warning about authentication to provide legal protection to the company. This group policy modifies the ssh.banner setting in the /etc/centrifydc/ssh/sshd_config file. See screenshot
5) If you wish to do it on a single machine or a few machines, you can comment the line"Banner /etc/issue" in /etc/centrifydc/ssh/sshd_config and restart SSH