Disable motd news or (parts of) the dynamic motd on Ubuntu
Published: 18-03-2019 | Last update: 19-03-2019 | Author: Remy van Elst | Text only version of this article
Table of Contents
On Ubuntu 18.04 and up, when you login via SSH you are greeted with some news
motd (message of the day) that includes advertisements and messages from
motd.ubuntu.com). This small guide shows you how to disable
news, (parts of) the dynamic motd or just revert back to a plain old
Since 2009 Ubuntu has had a dynamic
motd. It uses a bunch of files and scripts
/etc/update-motd/ to construct a message. I think since Ubuntu 17.04, but
I'm not sure, the online service was introduced. It's just a webpage that your
server checks every 12 hours and puts in a file that ends up in your
motd. You can visist motd.ubuntu.com in your browser to check the current
news. (But why would you when it's in your face when you login)
The dynamic motd page in a browser
Here's what it currently looks like:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-43-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Mon Mar 18 05:58:11 UTC 2019 System load: 0.11 Processes: 100 Usage of /: 40.1% of 24.06GB Users logged in: 0 Memory usage: 45% IP address for eth0: 10.184.24.87 Swap usage: 0% => There is 1 zombie process. * Ubuntu's Kubernetes 1.14 distributions can bypass Docker and use containerd directly, see https://bit.ly/ubuntu-containerd or try it now with snap install microk8s --channel=1.14/beta --classic Get cloud support with Ubuntu Advantage Cloud Guest: http://www.ubuntu.com/business/services/cloud * Canonical Livepatch is available for installation. - Reduce system reboots and improve kernel security. Activate at: https://ubuntu.com/livepatch 0 packages can be updated. 0 updates are security updates.
Lot's of useful information (load, zombie processes, reboot required, updates), but also stuff I'm not interested in (Canonical live patching, support kubernetes).
It's also a way for canonical to measure how many ubuntu servers there are
active. If every server connects at least every 12 hours back to the mothership,
they will be able to get measurements on when and where Ubuntu is used. Nothing
wrong with that, but I don't like the fact that they shoved it in via the
motd. Yes it could be useful for a
heartbleed scale problem but my guess is
that this was aimed at metrics for Canonical first and they sought an excuse why
users might want it later. But again, nothing wrong with that. They let you
disable it and are open about it.
Disabling motd news
Disabling the news part (the pingback to canonical) is simple. Edit the following file:
That's it for the small news part. If you dont want to see the other messages you need to disable those as well.
Disabling parts of the dynamic motd
/etc/update-motd.d there are a bunch of scripts:
ls /etc/update-motd.d/ 00-header 50-motd-news 80-livepatch 95-hwe-eol 98-reboot-required 10-help-text 51-cloudguest 90-updates-available 97-overlayroot 50-landscape-sysinfo 80-esm 91-release-upgrade 98-fsck-at-reboot
Some of them are useful for system information or to see if your ubuntu version is still supported, but a few are, if you're not using canonical services, IMHO not useful. These scripts must be executable according to the manpage. By removing the execute bit you can have some scripts not shown in your dynamic motd:
chmod -x /etc/update-motd.d/80-livepatch chmod -x /etc/update-motd.d/51-cloudguest chmod -x /etc/update-motd.d/10-help-text
I do find it usefull to have some information in my motd, so with these three disabled, the canonical spam is gone and actual information remains:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-43-generic x86_64) System information as of Mon Mar 18 06:27:15 UTC 2019 System load: 0.12 Processes: 101 Usage of /: 40.0% of 24.06GB Users logged in: 0 Memory usage: 42% IP address for eth0: 10.184.24.87 Swap usage: 0% => There is 1 zombie process. 0 packages can be updated. 0 updates are security updates. *** System restart required *** Last login: Mon Mar 18 06:27:00 2019 from 22.214.171.124
Disabling dynamic motd entirely
There seems to be not dynamic motd systemd service:
systemctl list-unit-files | grep motd motd-news.service static motd.service masked motd-news.timer enabled
and on my system there was no actual
/etc/motd file, just the dynamic scripts.
But the manpage states that
pam is responsible for the motd so let's check
grep motd /etc/pam.d/* /etc/pam.d/login:session optional pam_motd.so motd=/run/motd.dynamic /etc/pam.d/login:session optional pam_motd.so noupdate [...] /etc/pam.d/sshd:session optional pam_motd.so motd=/run/motd.dynamic /etc/pam.d/sshd:session optional pam_motd.so noupdate
The manpage says the following:
pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login. By default the /etc/motd file is shown [...] The suggested usage for /etc/pam.d/login is: session optional pam_motd.so motd=/etc/motd [...] noupdate Don't run the scripts in /etc/update-motd.d to refresh the motd file.
Comment out the first line from the two
#session optional pam_motd.so motd=/run/motd.dynamic
Place something in the
/etc/motd file to test:
echo "Can't touch this!" > /etc/motd
Try logging in now. On my system, I got the message twice on my terminal. Why?
OpenSSH, by default sets the
PrintMotd option to
PrintMotd Specifies whether sshd(8) should print /etc/motd when a user logs in interactively. (On some systems it is also printed by the shell, /etc/profile, or equivalent.) The default is "yes".
Change that to
no to have
pam do the motd printing.
Disabling the entire
dynamic-motd can be done by commenting out two lines in
session optional pam_motd.so motd=/run/motd.dynamic session optional pam_motd.so noupdate
OpenSSH handle the
motd. You need to put stuff in
yourself for that to work.
OpenSSH does this by default if that file exists.
Disabling specific parts of the dynamic motd can be done by removing scripts (or
making them not executable) in
Disabling the pingback to the canonical mothership, the
motd-news part can be
done by changing
Never thought that a simple message on your console could be so complex and used for statistics and spam.Tags: bash , canonical , dynamic-motd , motd , openssh , pam , security , ssh , tutorials , ubuntu