Skip to main content

Disable motd news or (parts of) the dynamic motd on Ubuntu

Published: 18-03-2019 | Last update: 19-03-2019 | Author: Remy van ElstText only version of this article


Table of Contents


On Ubuntu 18.04 and up, when you login via SSH you are greeted with some news via motd (message of the day) that includes advertisements and messages from Canonical (via motd.ubuntu.com). This small guide shows you how to disable news, (parts of) the dynamic motd or just revert back to a plain old /etc/motd file.

If you like this article, consider sponsoring me by trying out a Digital Ocean VPS. With this link you'll get a $5 VPS for 2 months free (as in, you get $10 credit). (referral link)

(Dynamic) motd

Since 2009 Ubuntu has had a dynamic motd. It uses a bunch of files and scripts in /etc/update-motd/ to construct a message. I think since Ubuntu 17.04, but I'm not sure, the online service was introduced. It's just a webpage that your server checks every 12 hours and puts in a file that ends up in your motd. You can visist motd.ubuntu.com in your browser to check the current news. (But why would you when it's in your face when you login)

The dynamic motd page in a browser

Here's what it currently looks like:

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-43-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Mar 18 05:58:11 UTC 2019

  System load:  0.11               Processes:           100
  Usage of /:   40.1% of 24.06GB   Users logged in:     0
  Memory usage: 45%                IP address for eth0: 10.184.24.87
  Swap usage:   0%                 

  => There is 1 zombie process.

 * Ubuntu's Kubernetes 1.14 distributions can bypass Docker and use containerd
   directly, see https://bit.ly/ubuntu-containerd or try it now with

     snap install microk8s --channel=1.14/beta --classic

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

0 packages can be updated.
0 updates are security updates.

Lot's of useful information (load, zombie processes, reboot required, updates), but also stuff I'm not interested in (Canonical live patching, support kubernetes).

It's also a way for canonical to measure how many ubuntu servers there are active. If every server connects at least every 12 hours back to the mothership, they will be able to get measurements on when and where Ubuntu is used. Nothing wrong with that, but I don't like the fact that they shoved it in via the motd. Yes it could be useful for a heartbleed scale problem but my guess is that this was aimed at metrics for Canonical first and they sought an excuse why users might want it later. But again, nothing wrong with that. They let you disable it and are open about it.

Disabling motd news

Disabling the news part (the pingback to canonical) is simple. Edit the following file:

vim /etc/default/motd-news

Change ENABLED=1 to ENABLED=0.

That's it for the small news part. If you dont want to see the other messages you need to disable those as well.

Disabling parts of the dynamic motd

In /etc/update-motd.d there are a bunch of scripts:

ls /etc/update-motd.d/
00-header             50-motd-news   80-livepatch          95-hwe-eol         98-reboot-required
10-help-text          51-cloudguest  90-updates-available  97-overlayroot
50-landscape-sysinfo  80-esm         91-release-upgrade    98-fsck-at-reboot

Some of them are useful for system information or to see if your ubuntu version is still supported, but a few are, if you're not using canonical services, IMHO not useful. These scripts must be executable according to the manpage. By removing the execute bit you can have some scripts not shown in your dynamic motd:

chmod -x /etc/update-motd.d/80-livepatch
chmod -x /etc/update-motd.d/51-cloudguest
chmod -x /etc/update-motd.d/10-help-text

I do find it usefull to have some information in my motd, so with these three disabled, the canonical spam is gone and actual information remains:

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-43-generic x86_64)

  System information as of Mon Mar 18 06:27:15 UTC 2019

  System load:  0.12               Processes:           101
  Usage of /:   40.0% of 24.06GB   Users logged in:     0
  Memory usage: 42%                IP address for eth0: 10.184.24.87
  Swap usage:   0%                 

  => There is 1 zombie process.

0 packages can be updated.
0 updates are security updates.


*** System restart required ***
Last login: Mon Mar 18 06:27:00 2019 from 192.10.20.30

Disabling dynamic motd entirely

I'm unsure how to actually do this since the documentation is not that clear about it. The manpage for dynamic motd refers to the manpage for pam_motd and both are unclear.

There seems to be not dynamic motd systemd service:

systemctl list-unit-files | grep motd
motd-news.service                      static
motd.service                           masked
motd-news.timer                        enabled

and on my system there was no actual /etc/motd file, just the dynamic scripts.

But the manpage states that pam is responsible for the motd so let's check there:

grep motd /etc/pam.d/*
/etc/pam.d/login:session    optional   pam_motd.so motd=/run/motd.dynamic
/etc/pam.d/login:session    optional   pam_motd.so noupdate
[...]
/etc/pam.d/sshd:session    optional     pam_motd.so  motd=/run/motd.dynamic
/etc/pam.d/sshd:session    optional     pam_motd.so noupdate

The manpage says the following:

pam_motd is a PAM module that can be used to display arbitrary motd (message of the day)
   files after a successful login. By default the /etc/motd file is shown
[...]
 The suggested usage for /etc/pam.d/login is:
       session  optional  pam_motd.so  motd=/etc/motd
[...]
noupdate
           Don't run the scripts in /etc/update-motd.d to refresh the motd file.

Comment out the first line from the two pam.d files:

#session    optional     pam_motd.so  motd=/run/motd.dynamic

Place something in the /etc/motd file to test:

echo "Can't touch this!" > /etc/motd

Try logging in now. On my system, I got the message twice on my terminal. Why? Because OpenSSH, by default sets the PrintMotd option to yes:

PrintMotd
   Specifies whether sshd(8) should print /etc/motd when a user logs in interactively.
   (On some systems it is also printed by the shell, /etc/profile, or equivalent.)  The
   default is "yes".

Change that to no to have pam do the motd printing.

Conclusion

Disabling the entire dynamic-motd can be done by commenting out two lines in /etc/pam.d/sshd:

session    optional     pam_motd.so  motd=/run/motd.dynamic
session    optional     pam_motd.so noupdate

and letting OpenSSH handle the motd. You need to put stuff in /etc/motd yourself for that to work. OpenSSH does this by default if that file exists.

Disabling specific parts of the dynamic motd can be done by removing scripts (or making them not executable) in /etc/update-motd.d/.

Disabling the pingback to the canonical mothership, the motd-news part can be done by changing ENABLED=1 to ENABLED=0 in /etc/default/motd-news.

Never thought that a simple message on your console could be so complex and used for statistics and spam.


Tags: bash  canonical  dynamic-motd  motd  openssh  pam  security  ssh  tutorials  ubuntu