xcat-core icon indicating copy to clipboard operation
xcat-core copied to clipboard

Published 20 hours ago verified publisher icon xcat2

psh suppress banner

Open ddo262 opened this issue 5 years ago • 11 comments
trafficstars

update psh to suppress banner. Ex. ssh -o LogLevel=error

ddo262 avatar Oct 22 '20 00:10 ddo262

@ddo262 Can you show an example of the output where banner suppression is desired.

gurevichmark avatar Oct 22 '20 14:10 gurevichmark

@gurevichmark Currently: psh cpu01 hostname cpu01: You are accessing blab blab blab cpu01: cpu01

Desired: psh cpu01 hostname cpu01: cpu01

ddo262 avatar Oct 23 '20 13:10 ddo262

Not able to recreate on any of my nodes.

What OS is cpu01 running ? Do you have LogLevel set in /etc/ssh/sshd_config

gurevichmark avatar Oct 23 '20 15:10 gurevichmark

@gurevichmark It is running redhat 7.8 LogLevel is not set in sshd_config ~/.ssh/config is blank

ddo262 avatar Oct 23 '20 19:10 ddo262

So I assume you get the same banner if running ssh cpu01 hostname ? And no banner for ssh -o LogLevel=error cpu01 hostname ?

gurevichmark avatar Oct 23 '20 19:10 gurevichmark

@gurevichmark yes that is correct. ssh cpu01 hostname shows a banner then the return from the command. ssh -o LogLevel=error cpu01 only shows the return from the command.

ddo262 avatar Oct 26 '20 16:10 ddo262

@ddo262 You have the ability to control this behavior using your own ~/.ssh/config file, so I don't think it is necessary for xCAT to add anything to support this.

Configure an sshd banner on a compute node:

[root@mid05tor12cn17 ~]# cat /etc/ssh/sshd-banner 
Warning: this is an ssh banner.

[root@mid05tor12cn17 ~]# grep Banner /etc/ssh/sshd_config
Banner /etc/ssh/sshd-banner

[root@mid05tor12cn17 ~]# systemctl restart sshd

Confirm the banner behavior from the xCAT management node to the compute node with default ssh LogLevel:

[root@briggs01 ~]# ssh mid05tor12cn17 uptime
Warning: this is an ssh banner.
 13:04:22 up  1:11,  1 user,  load average: 0.01, 0.02, 0.01

[root@briggs01 ~]# ssh -o LogLevel=error mid05tor12cn17 uptime
 13:04:29 up  1:11,  1 user,  load average: 0.01, 0.02, 0.01

[root@briggs01 ~]# psh mid05tor12cn17 uptime
mid05tor12cn17: Warning: this is an ssh banner.
mid05tor12cn17:  13:04:34 up  1:11,  1 user,  load average: 0.01, 0.02, 0.01

[root@briggs01 ~]# xdsh mid05tor12cn17 uptime
mid05tor12cn17:  13:04:39 up  1:11,  1 user,  load average: 0.01, 0.02, 0.01
[briggs01]: mid05tor12cn17: Warning: this is an ssh banner.

Update the root user ssh client config file on the management node to set the ssh LogLevel to ERROR:

[root@briggs01 ~]# grep LogLevel /root/.ssh/config 
LogLevel ERROR

Repeat the same tests from above and observe that the banner is suppressed for ssh, psh, and xdsh:

[root@briggs01 ~]# ssh mid05tor12cn17 uptime
 13:08:01 up  1:15,  1 user,  load average: 0.00, 0.00, 0.00

[root@briggs01 ~]# ssh -o LogLevel=error mid05tor12cn17 uptime
 13:08:06 up  1:15,  1 user,  load average: 0.00, 0.00, 0.00

[root@briggs01 ~]# psh mid05tor12cn17 uptime
mid05tor12cn17:  13:08:13 up  1:15,  1 user,  load average: 0.00, 0.00, 0.00

[root@briggs01 ~]# xdsh mid05tor12cn17 uptime
mid05tor12cn17:  13:08:18 up  1:15,  1 user,  load average: 0.00, 0.00, 0.00

Can you confirm that this addresses your situation?

besawn avatar Oct 26 '20 17:10 besawn

@ddo262 Also, if there is no specific need for psh, and you can use xdsh instead, the xdsh command has a "node options" flag. So you can do something like xdsh cpu01 -o "-o LogLevel=ERROR" uptime

gurevichmark avatar Oct 26 '20 17:10 gurevichmark

@besawn I need the banner to be displayed per requirement when the user logs in via ssh. The user also uses the psh command to execute remote commands on multiple nodes but the banner (banner contains multiple lines of text) obscures the return data for the node.

@gurevichmark I tried using xdsh but i'm getting a Permission denied (publickey,password) error.

psh and xdsh commands are not being run as root. The users are using the commands.

Would like ssh cpu01 banner is displayed psh cpu01 date no banner is display

ddo262 avatar Oct 27 '20 14:10 ddo262

@ddo262 Can you address this by setting your banner in /etc/motd instead of using an ssh banner?

[root@mid05tor12cn17 ~]# cat /etc/motd
Warning: motd banner

# Interactive login displays banner:
[root@briggs01 ~]# ssh mid05tor12cn17
Warning: motd banner
Last login: Tue Oct 27 10:18:59 2020 from 172.12.253.27
[root@mid05tor12cn17 ~]# exit
logout

# Non-interactive login does not display banner
[root@briggs01 ~]# ssh mid05tor12cn17 uptime
 10:19:24 up 22:26,  0 users,  load average: 0.16, 0.03, 0.01

[root@briggs01 ~]# psh mid05tor12cn17 uptime
mid05tor12cn17:  10:19:42 up 22:26,  0 users,  load average: 0.12, 0.03, 0.01

[root@briggs01 ~]# xdsh mid05tor12cn17 uptime
mid05tor12cn17:  10:19:50 up 22:26,  0 users,  load average: 0.10, 0.03, 0.01

besawn avatar Oct 27 '20 14:10 besawn

@besawn motd displays after a user logs in. The banner has to be displayed before login.

ddo262 avatar Oct 27 '20 18:10 ddo262