Parameter PrintMod in sshd_config file not effective

[greenf9x08]

Hi,
while trying to customize a message of the day by adding a file in the /etc/profile.d folder and trying to login via ssh to get a new welcome message, by overriding the /etc/motd file, i noticed that the parameter is completely uneffective.
EIther if i leave it like the default settings
#PrintMod yes
or uncommenting mode and "no"
PrintMod no

...i do always get both themessage from /etc/motd file and my new message in /etc/profile.d/greetings.sh
some details
1) my kernel version is
5.14.0-419.el9.x86_64 and ssh is OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

2) i made the greetings.sh file executable
3) i always restart sshd service
is there any one of you that have experienced the same issue or can provide any tip about this issue?
Thank you in advance
Paolo

[jlehtone]

man sshd_config writes:

PrintMotd
Specifies whether sshd(8) should print /etc/motd when a user logs in interactively. (On some systems it is also printed by the shell, /etc/profile, or equivalent.) The default is yes.

However, the "default" seems to be 'no':

Code: Select all

# sshd -T | grep printmotd
printmotd no

If binary has 'yes' as default, but system shows 'no', then where is explicit config?

Code: Select all

# grep -ri printmotd /etc/ssh
/etc/ssh/sshd_config:#PrintMotd yes
/etc/ssh/sshd_config.d/50-redhat.conf:# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
/etc/ssh/sshd_config.d/50-redhat.conf:PrintMotd no

I see you!

This is all about how sshd is and should be configured in EL9.

The content of /etc/ssh/sshd_config.d/50-redhat.conf overrides everything that is after the

Code: Select all

Include /etc/ssh/sshd_config.d/*.conf

in /etc/ssh/sshd_config

The solution (if you want 'yes') is:

Code: Select all

echo "PrintMotd yes" >> /etc/ssh/sshd_config.d/00-my.conf

Things set in /etc/ssh/sshd_config.d/00-my.conf override same things in /etc/ssh/sshd_config.d/50-redhat.conf.

[greenf9x08]

Hi jlehtone

Thanks a lot for the effort
what i really wanted is simply that the new greetings.sh in /etc/profile.d folder,. ovverides the /etc/motd file content.
What i understood is that if i set . by uncommenting it
PrintMotd no
in the sshd_config file,and restart the sshd service, the message in greetings.sh will show up, while the /etc/motd file message no

Instead, that parameter is completely uneffective. as explaine before.
i always got both messages regardless of what i se there.

however, i created a 00. conf file as you said but i dont get any effect,
I always got 2 messages,

[jlehtone]

The main point was that the config is "PrintMotd no" to begin with -- sshd does not show any motd.

The comment that grep did pick tells partly why:

It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd

(You may want to read the entire /etc/ssh/sshd_config.d/50-redhat.conf since my minimal grep did not show whole sentence.)

Based on that comment you should look at /etc/pam.d/sshd and find out what pam_motd does do.