How to suppress message of the day

Suppress message of the day for specific user or multiple user respectively.

Default message of the day looks like this.

$ ssh debian.example.org -l milosz -i ~/.ssh/ext_milosz
Linux buster 4.19.0-4-amd64 #1 SMP Debian 4.19.28-2 (2019-03-15) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Mon Aug 26 22:21:30 2019 from 10.0.2.2
[email protected]:~$ 

Remote OpenSSH session

Per user option

To suppress message of the day for specific user create ~/.hushlogin file on remote server.

$ touch ~/.hushlogin

Global option for every user

To suppress message of the day for every user on remote server perform three simple steps.

Ensure that PrintLastLog option and PrintMotd respectively are disabled in OpenSSH server configuration /etc/ssh/sshd_config.

PrintMotd no
PrintLastLog no

Reload service after configuration update.

$ sudo systemctl update sshd

Ensure that PAM configuration /etc/pam.d/sshd for OpenSSH server does not use pam_motd module.

# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
# session    optional     pam_motd.so motd=/run/motd.dynamic
# session    optional     pam_motd.so noupdate

Done.

$ ssh debian.example.org -l milosz -i ~/.ssh/ext_milosz
[email protected]:~$ 

This behavior is defined in OpenSSH session.c file.

/*
 * Check for quiet login, either .hushlogin or command given.
 */
int
check_quietlogin(Session *s, const char *command)
{
        char buf[256];
        struct passwd *pw = s->pw;
        struct stat st;

        /* Return 1 if .hushlogin exists or a command given. */
        if (command != NULL)
                return 1;
        snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
        if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
                return 1;
        return 0;
}

Local session

Per user option

Inspect default /etc/login.defs configuration to check HUSHLOGIN_FILE option.

$ cat /etc/login.defs 
[...]
#
# If defined, file which inhibits all the usual chatter during the login
# sequence.  If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file.  If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE  .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
[...]

Create ~/.hushlogin file to suppress message of the day for particular user.

$ touch ~/.hushlogin

This behavior is defined in Shadow shadow/libmisc/hushed.c file.

/*
 * If this is not a fully rooted path then see if the
 * file exists in the user's home directory.
 */

if (hushfile[0] != '/') {
	(void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
	return (access (buf, F_OK) == 0);
}

Global option for multiple users

Alter /etc/login.defs configuration to define system-wide /etc/hushlogins file as HUSHLOGIN_FILE.

$ cat /etc/login.defs 
[...]
#
# If defined, file which inhibits all the usual chatter during the login
# sequence.  If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file.  If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
# HUSHLOGIN_FILE  .hushlogin
HUSHLOGIN_FILE /etc/hushlogins
[...]

Add user login to /etc/hushlogins to suppress message of the day for specific user.

$ echo milosz | sudo tee -a /etc/hushlogins

Add login shell to /etc/hushlogins to suppress message of the day for every user using specific shell.

$ echo /bin/bash | sudo tee -a /etc/hushlogins

This behavior is defined in Shadow shadow/libmisc/hushed.c file.

/*
 * If this is a fully rooted path then go through the file
 * and see if this user, or its shell is in there.
 */

fp = fopen (hushfile, "r");
if (NULL == fp) {
	return false;
}
for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) {
	buf[strlen (buf) - 1] = '\0';
	found = (strcmp (buf, pw->pw_shell) == 0) ||
	        (strcmp (buf, pw->pw_name) == 0);
}

Global option for every user

Ensure that PAM configuration /etc/pam.d/login for the Shadow login service does not use pam_motd module.

# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
# session    optional     pam_motd.so motd=/run/motd.dynamic
# session    optional     pam_motd.so noupdate

Done.