ASA login banners
docrice
Member Posts: 1,706 ■■■■■■■■■■
I'm trying to have a banner that shows before the username prompt when SSHing in. banner login just doesn't seem to work for me. Works fine in IOS. Perhaps I'm missing something obvious. I'm using Putty and Linux SSH clients. Any suggestions?
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
-
nicklauscombs
Member Posts: 885
I don't believe the banner login command works with SSH (could be wrong though). Might have to use exec or motd?
WIP: IPS exam
-
kmcintosh78
Member Posts: 195
I think you want a Message of the Day.
Here it is
Configuring a Login Banner
You can configure a message to display when a user connects to the security appliance, before a user logs in, or before a user enters privileged EXEC mode.
To configure a login banner, enter the following command in the system execution space or within a context:
hostname(config)# banner {exec | login | motd} text
Adds a banner to display at one of three times: when a user first connects (message-of-the-day (motd)), when a user logs in (login), and when a user accesses privileged EXEC mode (exec). When a user connects to the security appliance, the message-of-the-day banner appears first, followed by the login banner and prompts. After the user successfully logs in to the security appliance, the exec banner displays.
For the banner text, spaces are allowed but tabs cannot be entered using the CLI. You can dynamically add the hostname or domain name of the security appliance by including the strings $(hostname) and $(domain). If you configure a banner in the system configuration, you can use that banner text within a context by using the $(system) string in the context configuration.
To add more than one line, precede each line by the banner command.
For example, to add a message-of-the-day banner, enter:
hostname(config)# banner motd Welcome to $(hostname).
hostname(config)# banner motd Contact me at admin@example.com for any
hostname(config)# banner motd issues.
What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year)
-
kmcintosh78
Member Posts: 195
Try applying it as the MOTD command. I believe that should work.
-
docrice
Member Posts: 1,706 ■■■■■■■■■■
I've tried both exec and motd but can't get it to work. Do you guys have working pre-login banners that you can verify? I'm looking for something that displays the banner before the username prompt appears.
-
kmcintosh78
Member Posts: 195
I just checked, and my 6509s and my ASAs are set for MOTD/Banners. Telnet and even ASDM will display the Banner.
SSH does not.
Like what nicklauscombs stated, don't think that SSL will give you the Banner before you log in.
Just don't think it is an option.
-
Mrock4
Banned Posts: 2,359 ■■■■■■■■□□
Our ASAs display a banner with SSH. We use "banner motd".
-
kmcintosh78
Member Posts: 195
Really?!?!?!?!
Don't happen to have the ability to post the part from the config?
Is it a statement in the SSH login for it?
-
Mrock4
Banned Posts: 2,359 ■■■■■■■■□□
kmcintosh78 wrote: »Really?!?!?!?!
Don't happen to have the ability to post the part from the config?
Is it a statement in the SSH login for it?
I'll check it out at work next week and post it up. I don't recall off the top of my head.
-
Mrock4
Banned Posts: 2,359 ■■■■■■■■□□
It's never worked with SSH, AFAIK.
Howto: configure a Cisco ASA 5505 Part 1 – how to connect to a cable modem with DHCP « atc.go0se.com <-- This guy got it working
and
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.3 - Configuring Management Access [Cisco ASA 5500 Series Adaptive Security Appliances] - Cisco Systems states: "After a banner is added, Telnet or SSH sessions to adaptive security appliance may close if:
• There is not enough system memory available to process the banner message(s).
• A TCP write error occurs when attempting to display banner message(s)."
Which implies that it's supported, though I didn't see it in the Cisco docs. I know I'm not crazy, so tomorrow I'll remember to SSH in and post any relevant code. I usually use ASDM, so it's been a while since I've needed to SSH in. I do know these are 5540s using 8.3 code.
-
Mrock4
Banned Posts: 2,359 ■■■■■■■■□□
That's AFTER login though, no?
Tried today. You got the banner after entering your username/pw, and right before enable. Sucks.
-
Nutsacjac
Member Posts: 76 ■■■□□□□□□□
kmcintosh78 wrote: »I think you want a Message of the Day.
Here it is
Configuring a Login Banner
You can configure a message to display when a user connects to the security appliance, before a user logs in, or before a user enters privileged EXEC mode.
To configure a login banner, enter the following command in the system execution space or within a context:
hostname(config)# banner {exec | login | motd} text
Adds a banner to display at one of three times: when a user first connects (message-of-the-day (motd)), when a user logs in (login), and when a user accesses privileged EXEC mode (exec). When a user connects to the security appliance, the message-of-the-day banner appears first, followed by the login banner and prompts. After the user successfully logs in to the security appliance, the exec banner displays.
For the banner text, spaces are allowed but tabs cannot be entered using the CLI. You can dynamically add the hostname or domain name of the security appliance by including the strings $(hostname) and $(domain). If you configure a banner in the system configuration, you can use that banner text within a context by using the $(system) string in the context configuration.
To add more than one line, precede each line by the banner command.
For example, to add a message-of-the-day banner, enter:
hostname(config)# banner motd Welcome to $(hostname).
hostname(config)# banner motd Contact me at admin@example.com for any
hostname(config)# banner motd issues.
Thread necromancy I know, but I just ran into this issue today and it worked. Thanks and +rep
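The multi-line banner rules in the documentation quoted above, as an added example that is not part of the thread or Cisco's own code: a Python check that reads a saved running-config, reassembles each banner type from its repeated banner lines, expands $(hostname) and $(domain), and lists the banner types that are not configured. The sample config and the function names are constructed for illustration, and it assumes hostname and domain-name appear as top-level lines in the saved config.

```python
import re

# Constructed sample of a saved ASA running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
hostname fw-edge-01
domain-name example.com
banner motd Welcome to $(hostname).
banner motd Contact me at admin@example.com for any
banner motd issues.
banner exec You are on $(hostname).$(domain)
ssh 10.0.0.0 255.255.255.0 inside
"""

BANNER_RE = re.compile(r"^banner (exec|login|motd)(?: (.*))?$")
# Order in which the quoted documentation says the banners are shown.
DISPLAY_ORDER = ("motd", "login", "exec")


def parse_banners(config):
    """Return {type: rendered text}; each banner command adds one text line."""
    names = {"hostname": "", "domain": ""}
    lines = {kind: [] for kind in DISPLAY_ORDER}
    for line in map(str.rstrip, config.splitlines()):
        if line.startswith("hostname "):
            names["hostname"] = line.split(None, 1)[1]
        elif line.startswith("domain-name "):
            names["domain"] = line.split(None, 1)[1]
        else:
            m = BANNER_RE.match(line)
            if m:
                lines[m.group(1)].append(m.group(2) or "")
    rendered = {}
    for kind, text_lines in lines.items():
        if text_lines:
            text = "\n".join(text_lines)
            for var, value in names.items():
                text = text.replace("$(%s)" % var, value)
            rendered[kind] = text
    return rendered


def missing_banners(config, required=DISPLAY_ORDER):
    """List required banner types that the config does not define."""
    found = parse_banners(config)
    return [kind for kind in required if kind not in found]


if __name__ == "__main__":
    print(parse_banners(SAMPLE_CONFIG), missing_banners(SAMPLE_CONFIG))
```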