0

I have an /etc/issue file that contains some ANSI color codes on a Linux development board. When I connect from serial terminal, everything shows up perfectly. However, when I connect from SSH, the ESC character replaced by "\033" and not recognized by the receiving side, thereby preventing the ANSI code from taking effect. How can I fix that?

Improve this question
1
  • 1
    In ssh set properly the TERM
    – Romeo Ninov
    Commented Jul 11, 2023 at 8:36

1 Answer 1

Reset to default
1

How can I fix that?

You don't. Most SSH clients (certainly OpenSSH) deliberately prevent ANSI codes from being output in the pre-login banner, so that an untrusted server could not potentially send harmful codes to the client – there's nothing you can do to change that from server side (that's kind of the point).

Suggestions:

  1. Keep two copies of the banner, a fancy one in /etc/issue for console/serial logins and a plain monochrome banner in something like /etc/ssh/issue.net for SSH (the path is configurable).

  2. Stop using the SSH banner for graphics in general. (Honestly, a large pre-connection banner gets annoying if one needs to SSH to a server frequently.) Move fancy logos to the post-login /etc/motd instead.

Improve this answer
4
  • An untrusted and compromised server can send arbitrary codes to the client to display, after (faking) a successful login, pretending that the data comes from motd or the user's shell. So I don't quite understand this point. If you have further data, could you please elaborate? I'd be happy to learn more about the issue (no pun intended). Terminal emulators have to be smart enough never to do arbitrarily stupid things upon receiving maliciously crafted data.
    – egmont
    Commented Jul 11, 2023 at 10:33
  • 1
    @egmont: Good question, I was pretty sure I had read about this being a security thing (not sure if it was the PuTTY commit log or the OpenSSH one), but now all I can track down is github.com/openssh/openssh-portable/commit/….
    – grawity_u1686
    Commented Jul 11, 2023 at 10:45
  • It's not too much :) Thanks anyway! :) [A year or two ago there was a bug discovered that the scp client would display raw filenames, including escape characters if any. That obviously lead to unexpected and confusing behavior. But ssh by its very nature has to allow control chars through, so it's a different story.]
    – egmont
    Commented Jul 11, 2023 at 10:51
  • 1
    @egmont: I think I was remembering git.tartarus.org/?p=simon/… and git.tartarus.org/?p=simon/… which were preceded by git.tartarus.org/?p=simon/…
    – grawity_u1686
    Commented Jul 11, 2023 at 11:40

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .