Manage the banner and MOTD overview

Contributors

ONTAP enables you to configure a login banner or a message of the day (MOTD) to communicate administrative information to CLI users of the cluster or storage virtual machine (SVM).

A banner is displayed in a console session (for cluster access only) or an SSH session (for cluster or SVM access) before a user is prompted for authentication such as a password. For example, you can use the banner to display a warning message such as the following to someone who attempts to log in to the system:

$ ssh admin@cluster1-01

This system is for authorized users only. Your IP Address has been logged.

Password:

An MOTD is displayed in a console session (for cluster access only) or an SSH session (for cluster or SVM access) after a user is authenticated but before the clustershell prompt appears. For example, you can use the MOTD to display a welcome or informational message such as the following that only authenticated users will see:

$ ssh admin@cluster1-01

Password:

Greetings. This system is running ONTAP 9.0.
Your user name is 'admin'. Your last login was Wed Apr 08 16:46:53 2015 from 10.72.137.28.

You can create or modify the content of the banner or MOTD by using the security login banner modify or security login motd modify command, respectively, in the following ways:

  • You can use the CLI interactively or noninteractively to specify the text to use for the banner or MOTD.

    The interactive mode, launched when the command is used without the -message or -uri parameter, enables you to use newlines (also known as end of lines) in the message.

    The noninteractive mode, which uses the -message parameter to specify the message string, does not support newlines.

  • You can upload content from an FTP or HTTP location to use for the banner or MOTD.

  • You can configure the MOTD to display dynamic content.

    Examples of what you can configure the MOTD to display dynamically include the following:

    • Cluster name, node name, or SVM name

    • Cluster date and time

    • Name of the user logging in

    • Last login for the user on any node in the cluster

    • Login device name or IP address

    • Operating system name

    • Software release version

    • Effective cluster version string The security login motd modify man page describes the escape sequences that you can use to enable the MOTD to display dynamically generated content.

    The banner does not support dynamic content.

You can manage the banner and MOTD at the cluster or SVM level:

  • The following facts apply to the banner:

    • The banner configured for the cluster is also used for all SVMs that do not have a banner message defined.

    • An SVM-level banner can be configured for each SVM.

      If a cluster-level banner has been configured, it is overridden by the SVM-level banner for the given SVM.

  • The following facts apply to the MOTD:

    • By default, the MOTD configured for the cluster is also enabled for all SVMs.

    • Additionally, an SVM-level MOTD can be configured for each SVM.

      In this case, users logging in to the SVM will see two MOTDs, one defined at the cluster level and the other at the SVM level.

    • The cluster-level MOTD can be enabled or disabled on a per-SVM basis by the cluster administrator.

      If the cluster administrator disables the cluster-level MOTD for an SVM, a user logging in to the SVM does not see the cluster-level MOTD.