How to Suppress SSH Login Banner in OpenSSH Client Configuration for Non-Interactive Sessions


48 views

When connecting to servers with sshd_config banners, developers often need clean output for automation scripts. The default banner display interferes with non-interactive sessions and output parsing.


# Basic quiet mode (suppresses too much)
ssh -q user@host

# LogLevel adjustment (loses useful info)
ssh -o LogLevel=ERROR user@host

While these solutions work, they're blunt instruments that suppress more output than necessary.

For targeted banner suppression without affecting other messages:


# Add to ~/.ssh/config
Host *
    RequestTTY no
    LogLevel INFO

This configuration:

  • Only suppresses banner for non-interactive sessions
  • Preserves other important INFO-level messages
  • Works without server-side modifications

For specific host patterns:


Host production-*
    RequestTTY auto
    LogLevel INFO
    PreferredAuthentications publickey

Host ci-*
    RequestTTY no
    LogLevel INFO

Test with automation scripts:


#!/bin/bash
output=$(ssh -T ci-server-01 "echo 'Test command'")
echo "Clean output: $output"

For one-off commands where configuration isn't practical:


ssh -T -o "RequestTTY no" user@host "your_command"

When automating SSH connections or running non-interactive sessions, server-side banners can become more of a nuisance than a security feature. These messages appear before authentication and often contain legal notices or system information that breaks scripted workflows.

Since you don't have sshd_config access to disable Banner or PrintMotd on the server, here are precise client-side solutions:

# Option 1: Quiet mode (suppresses ALL non-error messages)
ssh -q user@host.example.com

# Option 2: LogLevel adjustment (affects multiple message types)
ssh -o "LogLevel ERROR" user@host.example.com

For targeted banner suppression without losing other useful messages, create a wrapper script:

#!/bin/bash
exec ssh -o "LogLevel ERROR" "$@" 2>&1 | grep -v "BEGIN SSH BANNER\|END SSH BANNER"

# Alternative using expect:
#!/usr/bin/expect -f
spawn ssh -l $user $host
expect_background {
    "BEGIN SSH BANNER" { exp_continue }
    "END SSH BANNER" { exp_continue }
}
interact

Add this to your ~/.ssh/config for persistent settings:

Host specific-server
    HostName host.example.com
    User myusername
    LogLevel ERROR
    # Alternative regex-based approach
    ProxyCommand sh -c "ssh -q -W %h:%p gateway.example.com | sed '/SSH banner text/d'"

OpenSSH 7.8+ supports channel-specific logging control. Combine with RequestTTY no for non-interactive sessions:

ssh -o "SessionType=none" -o "RequestTTY=no" user@host