VMware vSphere and ESXi – Create a ‘Logon Banner’

KB ID 0001346 

Problem

Before you create your logon banner it’s important to understand;

  • Where you want it to appear.
  • What the underlying file is actually called (on ESXi).

For access to the vSphere Web client (including the Flash client), the setting you want is ”Login Banner’ (Note: vCenter 6.0.Update2 or higher is required);

vSphere Legal Notice Banner

Using this you CAN FORCE, (but you don’t have to) a user to tick “I Agree..” to your banner before they can login.

This does not mean that vCenter does not have ‘Message of the Day’, it does, it just behaves a little differently, i.e.

How vCenter MOTD Displays

With the ESXi hosts there are essentially TWO files we are concerned with, the etc/issue file and the etc/motd* file, and they display in two subtly  different places.

*Note: MOTD stands for message of the day.

The ‘Issue‘ File

ESX Logon Issue Banner

The ‘motd‘ file

ESX Logon MOTD Banner

You can use either one, (or both) to suit your requirements. 

Solution

Logon Banner Text Example

What you actually put in the banners is up to you, here are a couple of examples I’ve used in the past, feel free to copy and adapt them to suit your own requirements.

Example 1

/-------------------------------------------------------------\
|                      ! WARNING !                            |
|   Notice to All Users (Both Authorised or Unauthorised)     |
|                                                             |
|       You have accessed a private computer network.         |
|  Unauthorised access or use of this system is prohibited.   |
|                                                             |
|       If you are not authorised to use this system          |
|           please terminate access immediately.              |
|                                                             |
|     Any or all uses of this system and all data on this     |
|    system may be intercepted, monitored, recorded, copied,  |
|     audited, inspected, and disclosed to authorised sites   |
|     and law enforcement personnel, as well as authorised    |
|    officials of other agencies. By using this system, the   |
|     user consent to such disclosure at the discretion of    | 
|   authorised site personnel. Unauthorised or improper use   |
|  of this system may result in administrative disciplinary   |
|   action, civil and criminal penalties. By continuing to    | 
|     use this system you indicate your awareness of and      | 
|     consent to these terms and conditions of use. STOP      | 
|    IMMEDIATELY!!! if you do not agree to the conditions     | 
|                   stated in this warning.                   |
\-------------------------------------------------------------/

Example 2

**********************************************
***   You are responsible for all activity ***
***          Performed on this device      ***
***       All config changes are logged    ***
***                                        ***
***       For further Information          ***
***        Please Contact either           ***
***              IT Manager                ***
***                 or                     ***
***              Pete Long                 ***
**********************************************

Adding the vSphere Web Client Banner/Terms and Conditions

To get access to these settings you need to log into your PSC (Platform Services Controller).

https://{FQDN of vCenter or PSC}/psc

Configuration > Login Banner > Edit > Tick ‘Enabled‘ > Tick ‘Checkbox Consent‘, (to force them to tick “I Agree..”) > Enter a Title and the message/banner test to display > OK.

vSphere PSD Logon Banner

Adding the vSphere Web Client MOTD

Log into vSphere Select the vCenter> Configuration >Message of the Day > Edit > Type in the text.

MOTD vCenter

Note: Remember this displays as a popup for users logged into vCenter, but as a ‘nag-message’ for anyone login  in in future.

Changing the ESX ‘Issue’ Banner

Log onto the ESX server > issue the following command ‘vi /etc/issue‘ > Paste in your text > Save and exit the file > Restart the SSH daemon with the following command ‘/etc/init.d/SSH restart’.

vSphere Logon Issue Warning

Changing the ESX ‘MOTD’ Banner

Log onto the ESX server > issue the following command ‘vi /etc/motd‘ > Paste in your text > Save and exit the file > Restart the SSH daemon with the following command ‘/etc/init.d/SSH restart’.

vSphere MOTD Warning

Changing Issue and MOTD banners from the vSphere Client

Yes you can do this in the vSphere client, the problem is, you can only paste on a block of text, so the fancy formatting I put in above will be lost. If that’s not a problem for you, then open the vSphere Client > Hosts and Clusters > Select the Host > Configure > Advanced System Settings > Edit > Search for ‘Config.etc’ > Chang the Config.etc.issue and/or Config.etc.motd files as required.

vSphere Set MOTD Banner

 

Related Articles, References, Credits, or External Links

Using the VI Editor (For Windows Types)

Author: PeteLong

Share This Post On

1 Comment

Submit a Comment

Your email address will not be published. Required fields are marked *