Author Topic: How to restrict SSH access based on time?  (Read 2533 times)

lijeshk

  • Guest
How to restrict SSH access based on time?
« on: November 19, 2013, 01:41:33 am »

This can be done with PAM (Pluggable Authentication Modules). Each program has its own configuration file in /etc/pam.d. This is what /etc/pam.d/sshd looks like by default:

Code:
#%PAM-1.0
auth     required pam_stack.so service=system-auth
auth     required pam_nologin.so
account  required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session  required pam_stack.so service=system-auth
session  required pam_loginuid.so

For consistency, Red Hat configures PAM so that all modules that provide system authentication use stacked authentication rules (/etc/pam.d/system-auth). Since we do not want the message to appear for any other service, we need to change /etc/pam.d/sshd only. We will also add the pam_time lines to prevent SSH logins from 3 to 5 am. This is what it would look like:

Code:
#%PAM-1.0
account  required pam_time.so
auth     required pam_stack.so service=system-auth
auth     required pam_nologin.so
account  required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session  required pam_stack.so service=system-auth
session  required pam_loginuid.so
session  required pam_motd.so motd=/etc/sshmotd

Now all we need to do is put the message of the day in /etc/sshmotd and add the following to /etc/security/time.conf:

Code:
sshd;*;*;!Al0300-0500

Note: We should be very careful with PAM, as it is a very powerful authentication mechanism that can lock even root out of the system. I recommend that you first try any changes in a testing environment.

--
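An added example, not part of the original post: a simplified Python model of how pam_time reads a time.conf line, so a rule such as the one above can be checked against sample login times before it is deployed. It evaluates only the service and times fields (`!`, `|`, the day codes and ranges that wrap past midnight); tty and user matching and the `&` operator are left out, and the function names are made up for this sketch.

```python
from datetime import datetime

# Day codes from time.conf(5); Wk = weekdays, Wd = weekend, Al = every day.
DAYS = {"Mo": {0}, "Tu": {1}, "We": {2}, "Th": {3}, "Fr": {4}, "Sa": {5},
        "Su": {6}, "Wk": {0, 1, 2, 3, 4}, "Wd": {5, 6}, "Al": set(range(7))}

def time_matches(entry, when):
    """True if `when` satisfies one times entry such as '!Al0300-0500'."""
    negate = entry.startswith("!")
    spec = entry.lstrip("!")
    days = set()
    while spec[:2] in DAYS:            # repeated days toggle off (MoWk = Tu-Fr)
        days ^= DAYS[spec[:2]]
        spec = spec[2:]
    # Convert HHMM-HHMM to minutes since midnight.
    start, end = (int(t[:2]) * 60 + int(t[2:]) for t in spec.split("-"))
    now = when.hour * 60 + when.minute
    if start <= end:
        hit = when.weekday() in days and start <= now < end
    else:                              # range wraps past midnight
        yesterday = (when.weekday() - 1) % 7
        hit = (when.weekday() in days and now >= start) or \
              (yesterday in days and now < end)
    return hit != negate

def login_allowed(rule, service, when):
    """Evaluate one time.conf line; services it does not name are unrestricted."""
    svc, _ttys, _users, times = rule.strip().split(";")
    if svc not in ("*", service):
        return True
    # '|' joins alternative entries; any one matching grants access.
    return any(time_matches(e.strip(), when) for e in times.split("|"))

RULE = "sshd;*;*;!Al0300-0500"         # the rule from the post

if __name__ == "__main__":
    # Constructed sample login times.
    for hhmm in ("02:59", "03:00", "04:59", "05:30"):
        t = datetime.strptime("2013-11-19 " + hhmm, "%Y-%m-%d %H:%M")
        print(hhmm, "allowed" if login_allowed(RULE, "sshd", t) else "denied")
```
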