I've read Stop ssh login from printing motd from the client?, however my situation is a bit different :
ssh -o "PrintBanner=No" someserver).Any idea?
There is a LogLevel option:
It silences the banner but you're still able to receive errors:
$ ssh -o LogLevel=error localhost
Permission denied (publickey).
I 've tested it, I think u can use -q in the ssh command. Parameter -q was means Quiet mode. It causes most warning and diagnostic messages to be suppressed, e.g.
ssh -t '$node2' 'sudo cat xxx' |grep xxxxx" 2>/dev/null >/root/node2
or
ssh -t -q '$node2' 'sudo cat xxxx' |grep xxx" >/root/node2
Hope this can help others
Seems like you're looking for -q:
Quiet mode. Causes most warning and diagnostic messages to be suppressed.
ssh user@host
*------------------------------------------------------------------------------*
| banner: blah |
*------------------------------------------------------------------------------*
Last login: Mon Oct 2 16:40:01 2017 from ipAddress
$
With -q
ssh -q user@host
Last login: Mon Oct 2 16:40:30 2017 from ipAddress
$
Nice and quiet. The banner is still configured but you're not bothered by it.
On another note: don't use banners. It's best not to confirm or deny anything. It won't help you with the people you weren't worried about and the people you are worried about will laugh as they work past it ;-)
You should be able to set a different Banner (to none) inside a Match block.
For instance:
Match Address 192.0.2.0/24
Banner none
But this has to be done server-side, based on specific conditions. You can't do it from the client side.
Ok adding my resolution. I discovered that I was getting different results depending on how I used ssh.
ssh -q tgt true
No Banner
ssh -q tgt <<EOF
true
EOF
Banner
ssh -q tgt bash <<EOF
true
EOF
No Banner
For me, -o LogLevel=error was better than -q, because the latter suppresses the important error information (which you can then obtain only via exit code).
Compare this (without options):
[root@myserver804 myuser1]# ssh targetserver1; echo "exit code=$?"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:hvtR8Dl09aUeCeG2cT5EA8b+nbCOoV6h1DUON2vE63w.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1735
RSA host key for targetserver1 has changed and you have requested strict checking.
Host key verification failed.
exit code=255
with this (quiet)
[root@myserver804 myuser1]# ssh -q targetserver1; echo "exit code=$?"
exit code=255
with this (only log errors)
[root@myserver804 myuser1]# ssh -o LogLevel=error targetserver1; echo "exit code=$?"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:hvtR8Dl09aUeCeG2cT5EA8b+nbCOoV6h1DUON2vE63w.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1735
RSA host key for targetserver1 has changed and you have requested strict checking.
Host key verification failed.
exit code=255
So the conclusion is - if you are still interested in relevant errors, use -o LogLevel=error
Neither the -q or the -oLogLevel=error works.
What does work is to suppress STDERR
ssh hostname command 2>/dev/null
The downside, however, is that the STDERR suppression is applied to the entire command and not just the SSH program.
On a user basis you can suppress server banners by creating an empty file in a user's $HOME directory (/home/username/) called .hushlogin.
touch ~/.hushlogin
Whenever a command is provided as a command-line parameter to ssh, it is run as a non-PTY session and the welcome message is hidden:
ssh localhost bash
You can, if you wish, also use this to send a batch set of commands:
echo "ls" | ssh localhost # Welcome and ls output
echo "ls" | ssh localhost bash # Just the ls output
Just call a shell, that should suppress the banner.
ssh you@someplace.com /bin/bash
Note though, for me at least, my $PS1 doesn't get set, so it looks like it's hanging. I had to type a couple of commands to verify that it was working.
For me -q did the trick and I was still able to work with the output saved to a file.
ssh -q root@server28 "ls -alF /dr_mksysb |egrep -v \"total|lost+found|./|../\" |awk '{print \$NF}' |sed 's/.\$//g'" > ${basedir}/28.list
You can't. (At least not with stock OpenSSH)
The server banner is sent by the server before authentication happens. It's point is usually to contain a legal disclaimer or similar "If you're not authorized disconnect NOW" type message, or other critical things you don't want the remote user to be able to suppress/ignore.
If you really want to get rid of this you will need to hack and compile your own customized version of the SSH client.
