/etc/motd printing twice on Gentoo Linux
Question
I've run into a problem where I'm getting two printouts of my /etc/motd file on Gentoo Linux. sshd is doing one of the printouts, and I can toggle that by configuring /etc/ssh/sshd_config, but I can't find out who's printing the second copy. I can't disable sshd from printing out the motd due to an audit requirement. I'm running the bash shell, for what it's worth
Any ideas who's printing the second copy? I don't think it's bash, as when I change /etc/passwd to use /bin/ksh for my shell, I still get the motd displayed.
It's not /etc/issue, as that contains the string "This is \n (\s \m \r) (\l)", which is printed only when you're sitting in front of the machine.
Solution
Looks like the answer was in the /etc/pam.d/login and /etc/pam.d/system-login files. I had to comment out the pam_motd.so lines.
OTHER TIPS
Are you login from SSH connection??.. If so, maybe you must enable and set to no the key "PrintMotd No" on your sshd_config file and restart the service...
I had this problem too, and what was troubling to me was not the double-motd, it was the double "Last login" lines with the second referring back to the login event just above it.
I thought it might indicate foul play of some sort, as if my login were being re-directed or piped through some spyware or something.
Here is what the bottom 5 lines of my /etc/pam.d/system-login looks like:
session required pam_env.so
#session optional pam_lastlog.so
session include system-auth
#session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
Note the commented-out lines. Everything works as expected now. Thanks, Daniel.
Also check out /etc/issue, some systems print both and they might just contain the same text. Note that I don't use gentoo so this might not be the case.
In addition to commenting out the pam_motd.so lines, don't forget to also comment out the following lines in /etc/pam.d/login and /etc/pam.d/system-login:
session optional pam_lastlog.so
Like this, the "last login" line gets printed once instead of twice.
I think it would make more sense to make sure that the only component that prints MOTD is PAM. This way you can disable it everywhere else and still comply with your audit requirement.
Just my $0.02.
When I had this problem, I learned it was a combination of settings active when the system had been issued to me. The first copy of the message was printed before SSH authentication happened, and was due to SSH's Banner
option being set in sshd_config:
Banner /etc/motd
A misuse of MOTD more than a misuse of Banner
.
The second copy of the message was printed because in its default configuration, SSH prints the MOTD upon login. I disable that by setting PrintMotd
:
PrintMotd no
I had the same issue with Ubuntu 15.04 and SSHD configured to use PAM Authentication. My server was sending two MOTD. I managed to make it work nicely by letting SSHD refreshing the MOTD at each login. This is done by editing /etc/pam.d/sshd and removing/commenting the line which says noupdate
.
# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic
#session optional pam_motd.so noupdate
The drawback is that if the process of refreshing this message takes a while (or CPU time) logging in could waste some resource, appear to take a while or even timeout.
However, the basic default MOTD as configured out of the box in Ubuntu 15.04 should not cause trouble.
It is probably being done from the shell itself. Check the global profile and bashrc to see if this might be the case.
To allow only the pam_motd.so module to print the motd set the MOTD variable in /etc/login.defs to an empty string.
MOTD_FILE ""