KB ID 0001346
Problem
Before you create your logon banner it’s important to understand;
- Where you want it to appear.
- What the underlying file is actually called (on ESXi).
For access to the vSphere Web client (including the Flash client), the setting you want is ”Login Banner’ (Note: vCenter 6.0.Update2 or higher is required);
Using this you CAN FORCE, (but you don’t have to) a user to tick “I Agree..” to your banner before they can login.
This does not mean that vCenter does not have ‘Message of the Day’, it does, it just behaves a little differently, i.e.
With the ESXi hosts there are essentially TWO files we are concerned with, the etc/issue file and the etc/motd* file, and they display in two subtly different places.
*Note: MOTD stands for message of the day.
The ‘Issue‘ File
The ‘motd‘ file
You can use either one, (or both) to suit your requirements.
Solution
Logon Banner Text Example
What you actually put in the banners is up to you, here are a couple of examples I’ve used in the past, feel free to copy and adapt them to suit your own requirements.
Example 1
[box]
/-------------------------------------------------------------\ | ! WARNING ! | | Notice to All Users (Both Authorised or Unauthorised) | | | | You have accessed a private computer network. | | Unauthorised access or use of this system is prohibited. | | | | If you are not authorised to use this system | | please terminate access immediately. | | | | Any or all uses of this system and all data on this | | system may be intercepted, monitored, recorded, copied, | | audited, inspected, and disclosed to authorised sites | | and law enforcement personnel, as well as authorised | | officials of other agencies. By using this system, the | | user consent to such disclosure at the discretion of | | authorised site personnel. Unauthorised or improper use | | of this system may result in administrative disciplinary | | action, civil and criminal penalties. By continuing to | | use this system you indicate your awareness of and | | consent to these terms and conditions of use. STOP | | IMMEDIATELY!!! if you do not agree to the conditions | | stated in this warning. | \-------------------------------------------------------------/
[/box]
Example 2
[box]
********************************************** *** You are responsible for all activity *** *** Performed on this device *** *** All config changes are logged *** *** *** *** For further Information *** *** Please Contact either *** *** IT Manager *** *** or *** *** Pete Long *** **********************************************
[/box]
Adding the vSphere Web Client Banner/Terms and Conditions
To get access to these settings you need to log into your PSC (Platform Services Controller).
https://{FQDN of vCenter or PSC}/psc
Configuration > Login Banner > Edit > Tick ‘Enabled‘ > Tick ‘Checkbox Consent‘, (to force them to tick “I Agree..”) > Enter a Title and the message/banner test to display > OK.
Adding the vSphere Web Client MOTD
Log into vSphere Select the vCenter> Configuration >Message of the Day > Edit > Type in the text.
Note: Remember this displays as a popup for users logged into vCenter, but as a ‘nag-message’ for anyone login in in future.
Changing the ESX ‘Issue’ Banner
Log onto the ESX server > issue the following command ‘vi /etc/issue‘ > Paste in your text > Save and exit the file > Restart the SSH daemon with the following command ‘/etc/init.d/SSH restart’.
Changing the ESX ‘MOTD’ Banner
Log onto the ESX server > issue the following command ‘vi /etc/motd‘ > Paste in your text > Save and exit the file > Restart the SSH daemon with the following command ‘/etc/init.d/SSH restart’.
Changing Issue and MOTD banners from the vSphere Client
Yes you can do this in the vSphere client, the problem is, you can only paste on a block of text, so the fancy formatting I put in above will be lost. If that’s not a problem for you, then open the vSphere Client > Hosts and Clusters > Select the Host > Configure > Advanced System Settings > Edit > Search for ‘Config.etc’ > Chang the Config.etc.issue and/or Config.etc.motd files as required.