When I was installing a new server I thought that it would be nice
to have the server display a nice banner when I contact it.
With OpenSSH this is rather easy to achieve. Just setting the Banner
option in /etc/ssh/sshd_config should do the trick.

I also thought it would be nice to have the server name displayed,
created with Figlet. So when I log in the screen should look
something like this:
     _ __ ___  _   _ ___  ___ _ ____   _____ _ __
    | '_ ` _ \| | | / __|/ _ \ '__\ \ / / _ \ '__|
    | | | | | | |_| \__ \  __/ |   \ V /  __/ |
    |_| |_| |_|\__, |___/\___|_|    \_/ \___|_|
               |___/
I set this all up and when I logged in the screen looked like:
     _ __ ___  _   _ ___  ___ _ ____   _____ _ __
    | '_ ` _ \\| | | / __|/ _ \\ '__\\ \\ / / _ \\ '__|
    | | | | | | |_| \\__ \\  __/ |   \\ V /  __/ |
    |_| |_| |_|\\__, |___/\\___|_|    \\_/ \\___|_|
               |___/
I guess you can understand it’s not what I wanted. All backslashes are doubled, hmmm weird.
Poking around in the system (CentOS 5.4) seemed to lead me to
the mingetty command, because that’s what’s used to log in.
In the source code of mingetty I found:
    if ((fd = fopen (ISSUE, "r"))) {
        while ((c = getc (fd)) != EOF) {
            if (c == '\\')
                output_special_char (getc(fd));
            else
                putchar (c);
        }
        fflush (stdout);
        fclose (fd);
    }
So that could be it.
As a test I put a mingetty escape sequence in the /etc/issue file,
but that showed up completely the same, no mingetty translation.
So that’s not it. Not that many options left. Maybe the OpenSSH server
is displaying the backslashes the wrong way.
Tracing the OpenSSH server source code showed that it couldn’t be that
one, because the Banner file is just sent by an atomic write.

But, if it’s not the server, maybe it’s the client. Another source code scan
of the OpenSSH stuff revealed the culprit. In the file sshconnect2.c the
function input_userauth_banner displays the banner, sent from the server.
On line 417 (in my source tree, OpenSSH version 5.3p1) it says
    strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);

So “unsafe” characters and “octal” characters are encoded. The man page of
strnvis states:

    There is one additional flag, VIS_NOSLASH, which inhibits
    the doubling of backslashes and the backslash before the
    default format

So I changed the line to

    strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);

recompiled SSH and reconnected to my new, shiny server.
Hurray, problem solved.
Checking the Internet I found out that someone already found this bug and checked it in with the OpenSSH developers (about an hour before I tried to check it in). It will be resolved in version 5.4, but it can still take some time to find its way into all distributions.
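
The effect of the flag change above, as an added example that is not part of the original post or of OpenSSH: a simplified model of the vis(3)-style encoding the client applies to a server banner, with and without backslash doubling. banner_encode() and its noslash parameter are hypothetical names, the pass-through character set is an assumption of the sketch, and the sample banner is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for strnvis(3) with VIS_SAFE|VIS_OCTAL.
 * banner_encode() and noslash are hypothetical names for this example.
 * Returns the encoded length, or -1 if dst is too small. */
int banner_encode(char *dst, size_t dstlen, const char *src, int noslash)
{
    size_t n = 0;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        /* Assumed pass-through set: printable ASCII, whitespace, and
         * the few control characters VIS_SAFE lets through. */
        int visible = (c < 0x80 && isgraph(c)) || c == ' ' || c == '\t' ||
                      c == '\n' || c == '\b' || c == '\a' || c == '\r';
        if (n + 5 > dstlen)      /* worst case: 4 characters plus NUL */
            return -1;
        if (!visible) {
            /* e.g. ESC (0x1b) becomes the four characters \033 */
            n += (size_t)snprintf(dst + n, 5, "\\%03o", (unsigned)c);
        } else {
            if (c == '\\' && !noslash)
                dst[n++] = '\\'; /* doubling keeps the output unambiguous */
            dst[n++] = (char)c;
        }
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample banner: Figlet fragment plus an escape sequence. */
    const char *banner = "|_|\\__, |\n\x1b[2J";
    char out[128];

    banner_encode(out, sizeof out, banner, 0);
    printf("doubled (5.3p1 behaviour):\n%s\n", out);
    banner_encode(out, sizeof out, banner, 1);
    printf("noslash (patched):\n%s\n", out);
    return 0;
}
```

In both modes the ESC byte reaches the terminal only as the text \033. Without the doubling, a banner containing the literal text \033 and one containing a real ESC byte produce identical output, so the encoding can no longer be inverted.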