Creating an SSH login banner in Next Generation Firewall
- Article Number: 000010461
- Products: Next Generation Firewall (NGFW)
- Version: 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.9, 5.8, 5.10
- Last Published Date: June 27, 2019
The required settings to display the SSH login banner follow generic Linux sshd_config file syntax and configuration. But since the relevant filesystem is in read-only mode in the NGFW, the sshd_config and login banner cannot be edited and added directly in /etc/ssh/ directory.
SSH server and its configuration file are updated to a newer version in NGFW engine v6.3.0. If you have customized SSH server configuration file /data/config/ssh/sshd_config, upgrading may not be able to correctly update configuration file preventing login through SSH.
Note Perform the following steps on the engine command line.
Add a login banner to be displayed for SSH connections to the NGFW engine:
Important Before deleting the file, create a copy of the existing sshd_config to be able to return previous customization settings.