Suppress ssh login banner from broctl output

Description

When using broctl in an environment with login banners, they will be displayed in the broctl command. In the event that they can not be configured away on the sshd end using '-q' avoids displaying the banner on the client side.

The patch is trivial:

— a/BroControl/ssh_runner.py
+++ b/BroControl/ssh_runner.py
@@ -108,6 +108,7 @@ class SSHMaster:
self.base_cmd = [
"ssh",
"-o", "BatchMode=yes",
+ "-q",
host,
]
self.need_connect = True

Environment

None

Activity

Show:
Adam Slagell
January 10, 2016, 4:36 PM

We will merge this before 2.5.

Jon Schipp
March 11, 2016, 4:29 PM

I think the ssh messages are helpful in debugging problems but you're right we probably don't want to see the banner.

Some notes:
The banner prints when sshd_config is set to use the Banner option. Banner happens before authentication. The motd is not printed when the PrintMotd option is used.

root@manager:~# broctl start
starting manager ...
starting proxy-1 ...
starting worker-1 ...
starting worker-2 ...

This BANNER is displaying /etc/issue.net
Ubuntu 14.04.1 LTS

Stopping sshd on node1 will show banner and the informational ssh messages:
root@manager:~# broctl start
manager still running
proxy-1 still running
ssh: connect to host 10.1.1.20 port 22: Connection refused
This BANNER is displaying /etc/issue.net
Ubuntu 14.04.1 LTS
Error: cannot connect to worker-1
worker-2 still running

Stopping sshd on node1 while -q is set in ssh_runner.py yields a "Error: cannot connect", not the ssh errors.
root@manager:~# broctl start
...
Error: cannot connect to worker-1
worker-2 still running

Shutting down the node will yield
root@manager:~# broctl start
...
ssh: connect to host 10.1.1.20 port 22: No route to host
Error: cannot connect to worker-1

Jon Schipp
March 11, 2016, 4:30 PM

Using -o LogLevel=error will suppress the banner but still print the error messages. A happy medium I say. Going to push a new branch with it

Jon Schipp
March 11, 2016, 5:04 PM

I pushed topic/jschipp/broctl-quiet-ssh-banner

Assignee

Daniel Thayer

Reporter

scampbell

Labels

External issue ID

None

Components

Fix versions

Affects versions

Priority

Trivial
Configure