Timing of banner

Damien Miller djm at mindrot.org
Sat Jul 2 05:09:14 EST 2011

On Fri, 1 Jul 2011, Bob Rasmussen wrote:

> A user at a Windows PC uses our SSH client software (Anzio) to access a 
> Linux sshd. User would like the banner from the server to display BEFORE 
> entering a login name.
> According to the SSH spec, this should be allowed. But the OpenSSH source 
> seems to have specifically prevented this. Is there a good reason for 
> this?

We send the banner after the receipt of the first user authentication
request. RFC4252 could be interpreted to allow sending the banner sooner,
right after the "ssh-userauth" service has been requested, but we haven't
tested this and doing so would remove the ability to vary the banner
depending on the user who is connecting (as we can now with sshd_config
"Banner" statements inside "Match" blocks).

For the latter reason, we don't have any plans to send the banner earlier.


More information about the openssh-unix-dev mailing list