Bash .hushlogin, keep last login time and host

Question

At my company, when I log into some servers, my last login and a huge banner are displayed:

me@my-laptop$ ssh the-server
Last login: Mon Feb  8 18:54:36 2016 from my-laptop.company.com 
************************************************************************
*                                                                      *
*       C O M P A N Y    I N F O R M A T I O N   S Y S T E M S         *
*                                                                      *
* !WARNING!         Your connection has been logged          !WARNING! *
*                                                                      *
* This system is for the use of authorized personnel only.             *
* Individuals using this *computer system without authorization,       *
* or in excess of their authority as determined by the Company         *
* Code of Ethics and  Acceptable Use Policy, are subject to having all *
* of their activities on this system monitored, recorded and/or        *
* terminated by system personnel.                                      *
* If such monitoring reveals possible evidence of criminal  activity,  *
* Company may provide said evidence to law enforcement officials,      *
* in compliance with its confidentiality obligations and all           *
* applicable national laws/regulations with regards to data privacy.   *
*                                                                      *
*      This device is maintained by Company Department                 *
*                  [email protected]                                   *
************************************************************************
me@the-server$ 

Of course, I don't want this huge banner displayed every time I login, but I would like to keep the last login time and host displayed.

If I use touch ~/.hushlogin, the banner is not displayed, but I also lose the last login information. In fact, nothing at all is displayed:

ssh the-server
me@the-server$

How do I remove the banner but keep the last login time and host, like this:

 ssh the-server
 Last login: Mon Feb  8 18:54:36 2016 from my-laptop.company.com
 me@the-server$

Answer 1

One way would be to add the following to ~/.ssh/rc, which contains commands to be run when you ssh into the machine:

lastlog -u $USER | perl -lane 'END{print "Last login: @F[3..6] $F[8] from $F[2]"}'

The command will get the time of your last login from lastlogin and then format it so that it looks like the original version. You can now touch ~/.hushlogin and you will still see that message.

Answer 2

Having your .bash_profile call lastlog -u "$USER" gets you something pretty close. Output looks like:

Username         Port     From             Latest
anthony          pts/7    192.168.XX.YY    Sun Feb  7 16:00:40 -0500 2016

where of course I redacted the IP address.

last -w -n 1 gets a similar record, but from a different database.

Answer 3

The right way to do it is this one:

edit the files: /etc/pam.d/login and /etc/pam.d/sshd and comment these lines:

# Prints the message of the day upon successful login.
# (Replaces the `MOTD_FILE' option in login.defs)
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
#session    optional   pam_motd.so motd=/run/motd.dynamic
#session    optional   pam_motd.so noupdate

and remove .hushlogin or /etc/huslogin if you "touched" it.

That's all.

Result:

zibris login: zibri
Password: 
Last login: Sun Jul 25 04:41:40 EET 2021 on pts/2
zibri@zibris:~$ 

Cheers :D

Answer 4

On Unix systems there might be no lastlog. Hence I had to combine ideas of @terdon and @Xion345 into one.

On Solaris 8-10 and OpenBSD 4.8 this works good enough:

$ last $USER | perl -lane '!/still logged in/ && print "Last login: @F[3..6] from $F[2]" and last'
Last login: Fri Apr 24 08:36 from xxxxxxxxxx.omnit

You loose the seconds and the year (because last doesn't provide them):

But for HP-UX you need -R to get the hostname part:

$ last -R $USER | perl -lane '...'
Last login: Fri Apr 24 23:58 from 10.xxx.yyy.82

But if you want to get a full hostname + you are on Solaris, you can add -a instead. This way the formatting gets a bit of shuffle:

$ last -a $USER | perl -lane '!/still logged in/ && print "Last login: @F[2..5] from $F[$#F]" and last'
Last login: Fri Apr 24 08:36 from xxxxxxxxxx.omnitel.lan

On OpenBSD you can recover the seconds with -T. And the hostname part is a lot wider by default.

But you cannot easily try all the options in a row, because for some systems they might carry opposite meanings. Eg. Linux:

       -R     Suppresses the display of the hostname field.

... vs HP-UX:

           -R        When used with last and lastb, -R displays the user's
                     host name as it is stored in the files /var/adm/wtmps
                     and /var/adm/btmps, respectively.  The host name is
                     displayed between the tty name and the user's login
                     time.

IOW, there is no easy cross-platform way to script this on unices.