[SOLVED] Console welcome banner incorrect IP

Tmanok

Renowned Member
HI everyone,

This could easily affect more than PBS (e.g. PVE) without me having seen this behaviour before, but PBS 2.0-10 welcome banner on console is stating the old/original IP that it was installed with. After moving it to a new physical location on a different network, on a different subnet, with a different IP, and multiple reboots, it is still displaying the old IP.

Old IP: 192.168.60.116
New IP: 192.168.0.161

Banner attached with ip a.
Thanks!


Triston
 

Attachments

  • Incorrect banner IP.png
    Incorrect banner IP.png
    8.7 KB · Views: 114
Hi,
This could easily affect more than PBS (e.g. PVE) without me having seen this behaviour before, but PBS 2.0-10 welcome banner on console is stating the old/original IP that it was installed with. After moving it to a new physical location on a different network, on a different subnet, with a different IP, and multiple reboots, it is still displaying the old IP.
If you adapted the IP then you need to adapt /etc/hosts and/or change the DNS entry for that host too, as the banner only resolves the hostname and uses that as IP.
 
When editing the network configuration in the Web GUI, does that not edit the hosts file automatically? If it owns its own name record then why wouldn't it update the IP and the domain name resolution?

Thank you for your explanation about how the banner is generated and your patience with my follow-up questions. :)


Tmanok
 
When editing the network configuration in the Web GUI, does that not edit the hosts file automatically?
No, as you can have an arbitrary amount of ip addresses/networks configured on a PVE host (e.g., to separate the migration or cluster network, for example), only the admin can know that. But yes, in some simpler case it could maybe even be switched automatically in a sensible way, not happening currently though.
 
No, as you can have an arbitrary amount of ip addresses/networks configured on a PVE host (e.g., to separate the migration or cluster network, for example), only the admin can know that. But yes, in some simpler case it could maybe even be switched automatically in a sensible way, not happening currently though.
Ok no that's fair actually, my thoughts were surrounding PBS in particular, but given that they likely share many backend systems including the network configuration menu/system, that should come as no surprise to me. Thanks for following up so soon, have a great day TL!

Tmanok
 
Hi,

If you adapted the IP then you need to adapt /etc/hosts and/or change the DNS entry for that host too, as the banner only resolves the hostname and uses that as IP.
Apologies for necroing this thread, this is a follow-on question to your answer.

It sounds like you are saying the `/etc/issue` file is supposed to auto-update when the `/etc/hosts` file is modified. This is not happening on any of my Proxmox-ve hosts (I've run versions 4-7), and I must manually execute the `/usr/bin/pvebanner` script to re-generate the `/etc/issue` file.

What can I do to have this happen automatically upon editing the `/etc/hosts` file?

Additionally, I would like to add the `Last login:` line to the `/etc/issue` file so it shows on login for physical access as well as remote access (see Tmanok's first screenshot for examples of how ssh/remote and physical terminal banners are different).
 
It sounds like you are saying the `/etc/issue` file is supposed to auto-update when the `/etc/hosts` file is modified.
Well, it does, but only once on boot up.
What can I do to have this happen automatically upon editing the `/etc/hosts` file?
You could do that by creating a systemd path unit and overriding the RemainAfterExit of the pvebanner.service to no, e.g.:

cat /usr/local/lib/systemd/system/pvebanner.path

Code:
[Path]
PathModified=/etc/hosts

[Install]
WantedBy=multi-user.target

(file name is important)

Then override the banner service
systemctl edit pvebanner.service

An editor opens, there add:
Code:
[Service]
RemainAfterExit=no

Save and stop the old pvebanner service once: systemctl stop pvebanner.service

Then enable and start that the path service
systemctl enable --now pvebanner.path

Test editing /etct/hosts and check with systemctl status pvebanner.service if it actually started afterwards.

Using something like inotify-watch could be a different option.

Additionally, I would like to add the `Last login:` line to the `/etc/issue` file so it shows on login for physical access as well as remote access (see Tmanok's first screenshot for examples of how ssh/remote and physical terminal banners are different).
That isn't normally done by /etc/issue, as that always shows up already before an actual login happened to anybody, and also isn't refreshed once after the console outputted it (iow. started).

The line from the screenshot comes actually from PAM, namely the pam_lastlog.so that's by default enabled in /etc/pam.d/login (I heavily recommend against messing with PAM config if unsure!).

You could use /etc/motd (message of the day), as that is displayed after a successful login but just before it executes the login shell, but is constrained for static text.

On Debian based systems you normally got also the possibility to place shell scripts in /etc/update-motd.d/, which are executed on login displaying their output, for example, if you want to display the last 5 logins that happened you could do something like:

Code:
printf '#!/bin/sh\nlast -5\n' > /etc/update-motd.d/100-last-logins
chmod +x /etc/update-motd.d/100-last-logins
 
  • Like
Reactions: gb00s and Tmanok
Very well said, Thomas. You taught me something today too!

I've never witnessed this before: systemctl enable --now pvebanner.path
Very neat.

Also, I recommend the /etc/update-motd.d/###-script-name methodology of displaying dynamic login text. I do this for system load and health (sensors, disks, link statuses etc) upon login for example. Landscape on Ubuntu really inspired me to use that functionality.

Cheers,


Tmanok
 
  • Like
Reactions: t.lamprecht

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!