Você pode usar ForceCommand (uma opção de configuração sshd)
Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a Match block. The command originally supplied by the client is available in the SSH_ORIGINAL_COMMAND environment variable. Specifying a command of ''internal-sftp'' will force the use of an in-process sftp server that requires no support files when used with ChrootDirectory. The default is ''none''.
Apenas aponte para o script wrapper que exibirá sua mensagem e, em seguida, execute o shell.
Exemplo de sshd_config (OpenSSH_7.2p2):
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
ForceCommand /usr/local/bin/ssh-wrapper
/ usr / local / bin / ssh-wrapper
#!/bin/sh
[ -r "/etc/ssh_banner" ] && cat /etc/ssh_banner
CMD=${SSH_ORIGINAL_COMMAND:+-c $SSH_ORIGINAL_COMMAND}
exec $SHELL -l $CMD
Isso mostrará uma mensagem em / etc / ssh_banner, se este arquivo estiver lá.