Is it possible to have a multi-line login banner for telnet and FTP sessions
under AIX 5.1? I did a bit of Google searching and it seems like single
line is the only possible way for either. Is that right, or are there ways
around this limit? I'm using the "herald" variable to do this - I'd like to
see the message before the user logs in.

For AIX 5.1, only one line is allowed ('\n' will NOT work). And this
is straight from IBM support line. I called them last month regarding
the same question. We're both out of luck!

Cheers!

"Eigenvector" <m44_master@yahoo.com> wrote in message
news:<nFtXd.33$2n3.3319@news.uswest.net>
....
> Is it possible to have a multi-line login banner for telnet and FTP sessions
> under AIX 5.1? I did a bit of Google searching and it seems like single
> line is the only possible way for either. Is that right, or are there ways
> around this limit? I'm using the "herald" variable to do this - I'd like to
> see the message before the user logs in.

You could circumvene this for users connecting via ssh by using
the banner option in sshd_config - I set it to /etc/motd which
will print a pretty standard "go home if You're not me" banner.

Regards,
Florian

--
florian heigl
http://deranfangvomen.de/

Eigenvector wrote:

> Is it possible to have a multi-line login banner for telnet and FTP sessions
> under AIX 5.1? I did a bit of Google searching and it seems like single
> line is the only possible way for either. Is that right, or are there ways
> around this limit? I'm using the "herald" variable to do this - I'd like to
> see the message before the user logs in.
>
>

For telnet on aix 5.1-ml7, this works for me:

/etc/security/login.cfg
default:
herald = "\n\rline1\n\r\tline2\n\r\t\tlogin:"

Note the use of \n \r and \t (tab).


For ftp the thread in this newsgroup from
14 September 2004 with the Subject: AIX FTP Banner Problem
is as close an answer as I can give you (i.e. no for 5.1).

Paul Landay

Eigenvector,

You should be able to create a multi-line login herald. We just add
"\r" after the "\n". We do this to all the RS6000's we setup (from AIX
3.2.5 to AIX 5.3) and I assume you're editing /etc/security/login.cfg.

For Example:

herald = "\n\n\n\n\rThis is line 1\n\rThis is line 2\n\rLogin: "

I've never edited the herald for FTP so I don't know if it applies to
it or not.

Cheers!

<homeyjoe@gmail.com> wrote in message
news:1110477126.324440.47930@f14g2000cwb.googlegro ups.com...
> Eigenvector,
>
> You should be able to create a multi-line login herald. We just add
> "\r" after the "\n". We do this to all the RS6000's we setup (from AIX
> 3.2.5 to AIX 5.3) and I assume you're editing /etc/security/login.cfg.
>
> For Example:
>
> herald = "\n\n\n\n\rThis is line 1\n\rThis is line 2\n\rLogin: "
>
> I've never edited the herald for FTP so I don't know if it applies to
> it or not.
>
> Cheers!
>
Thanks all, I circumvented the problem by using WU-FTP for the FTP banners,
and relying on motd for the telnet, I guess the boss-man will have to live
with that solution.

Eigenvector wrote:
> Thanks all, I circumvented the problem by using WU-FTP
> for the FTP banners, and relying on motd for the telnet,
> I guess the boss-man will have to live with that solution.

I had a tool to take the contents of the /etc/motd file
(though this could be /etc/issue or /etc/issue.net, if
you feel like it) and generates the appropriate herald
entry in /etc/security/login.cfg. Sadly, it was written
in awk and required gawk to get it right.

Suggestion: get OpenSSH and set up the sshd_config file
with:

Banner /etc/issue.net

and perhaps even:

PrintMotd yes

so all you have to do is populate those files in order
to present something that DOESN'T say "Welcome".

In any case, you should be aggressively discouraging the
use of telnet and encouraging the use of SSH in place.

Some suggestions: use "putty" for SSH access from Windows
systems. (Putty has been ported to Linux and it *is* a
worth-while tool since DEL (0x7F) is "usual" for Linux
(and some other systems) but AIX, by default, prefers to
see the BS (0x08) character... and putty will handle the
mapping for you. (It's popular where I work, as are the
brethren of putty: pscp, for instance.)

--
John R. Campbell Speaker to Machines soup at tampabay dot rr dot com
"Grace is sufficient so Joy was let go." - Heather L. Campbell
"Faith manages ... even though she didn't get promoted" - me
Why OS X? Because making Unix user-friendly was easier than debugging Windows