How to prevent "Last Login:" message from showing up when using sftp?
Solution 1
A typo on my part was the cause of the unreasonable behavior I was experiencing above. It is /etc/ssh/sshd_config
(corresponding to the ssh
daemon) that must be edited, not /etc/ssh/ssh_config
(corresponding to the ssh
client). I leave this question here in case it may help someone else.
Solution 2
On my system it came from Pam.
/etc/pam.d/postlogin
to be exact.
I got rid of the message by commenting out the existing lines and adding:
session optional pam_lastlog.so silent
Related videos on Youtube
Omid
Updated on September 18, 2022Comments
-
Omid over 1 year
In Ubuntu GNU/Linux 12.04, I have a user
johndoe
that is part of ansftponly
group, set up tosftp
to achroot
jail usingSubsystem sftp internal-sftp Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no
at the end of
/etc/ssh/ssh_config
. All components of the user'shome
directory areroot
-owned directories that are not writeable by any other user or group, as explained inman sshd_config
(underChrootDirectory
). Inside hischroot
jail, there is a writeable directoryfiles
:sudo groupadd sftponly sudo mkdir -p /home/sftponly/johndoe/files sudo useradd -d /home/sftponly/johndoe -g sftponly -s /usr/sbin/nologin johndoe sudo chmod go-w /home/sftponly/{,johndoe} sudo chown johndoe:sftponly /home/sftponly/johndoe/files sudo chmod ug+rwX /home/sftponly/johndoe/files
(Setting the shell to
/bin/false
did not work with eitherssh
orsftp
. Withnologin
as the shellssh
connects, shows "MOTD", and then disconnects, which is the expected behavior.)But
sftp
fails with the messageReceived message too long 1416128883
. I know this failure is caused by "MOTD" (Message Of The Day), assftp
expects a "clean login." I have tried disabling all "MOTD" pieces on the server using the following, with (these results):Adding
PrintLastLog no
andPrintMotd no
to the end of/etc/ssh/ssh_config
and restartingssh
usingrestart ssh
. (No effect. Testing withssh
shows both "MOTD" and "Last Login:".)Commenting out
session optional pam_motd.so
in/etc/pam.d/sshd
. (Prevents MOTD. But there is no corresponding entry for "LastLog" so, testing withssh
, "Last Login:" still shows up and hencesftp
still fails.)Commenting out
session optional pam_lastlog.so
andsession optional pam_motd.so
in/etc/pam.d/login
. (No effect. Testing withssh
shows both MOTD and "Last Login:".)Creating the
.hushlogin
file on the client usingtouch ~/.hushlogin
. (No effect.)
I am out of ideas. Where else may this "Last Login:" message be coming from and how can it be disabled (ideally only for
sftp
and not forssh
logins, but, I imagine assftp
usesssh
, the message is going to be there either for both or none)? -
Omid about 10 yearsBut this has the unwanted side effect of making
lastlog
unusable on the server. -
taylorthurlow about 6 yearsI'll add to this that I had to edit the line
PrintLastLog yes
tono
instead. I'm not sure what else this setting might change, but it doesn't print the message anymore.