proposal: new DisableBanner client side option

Damien Miller djm at mindrot.org
Fri Jan 19 08:37:27 EST 2007


On Thu, 18 Jan 2007, Jan Pechanec wrote:

> 
> 	hi all, we had quite a few requests recently so that SunSSH allowed 
> to hush a banner on client side when in command-mode only. The argument 
> usually is that the banner is mandatory due to legal reasons so first time 
> login users should see it but that it causes problems when ssh is used from 
> scripts after that. '-q' often seems not an option. RFC 4252 permits hushing 
> banner in section 5.4.

"ssh -q" or the "Loglevel quiet" config option will hush the banner fine
on OpenSSH. IMO not doing so "for legal reasons" is just silly. What
next, will Solaris disable stderr redirection to prevent someone from
missing a disclaimer? If people want to stick their heads in the sand then
they will find a way.

> 	we want to add DisableBanner option to SunSSH with 
> yes/no/in-exec-mode arguments, default to "no". It's designed to be 
> extendable in a backward compatible way to a comma separated list of 
> "in-<mode>-mode" strings if needed in the future. "in-subsystem-mode" could 
> be the next candidate.
> 
> 	since we try to avoid divergence with upstream (= OpenSSH) if 
> possible I would like to ask, in case you would be interested in adding such 
> functionality to OpenSSH in which case I can provide a patch then, whether 
> this would be an acceptible syntax for both.

Thanks for making the effort to retain compatibility, but OpenSSH won't
adopt such an option. I don't think it is necessary, and there is a strong
consensus among the developers to have fewer, rather than more, options.

-d



More information about the openssh-unix-dev mailing list