[ale] SSHD reports version info!?
- Subject: [ale] SSHD reports version info!?
- From: ron at Opus1.COM (Ronald Chmara)
- Date: Thu Feb 19 03:48:55 2004
On Feb 19, 2004, at 2:39 AM, Kevin Krumwiede wrote:
> (I posted this to the debian-user list but it never showed up.)
>
> When I telnet to port 22 on my 3.0r2 server, I see this:
>
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
>
> Isn't that considered sensitive information?

Not really. Most services have "signatures", as do OS's. If you can't
determine it blatantly, there's always response patterns. (See
"security through obscurity").

> Why advertise it so
> blatantly?

Partly so the program can log in properly (use proper ssh versions). As
far as reporting the OS, *shrug*.

> Is there any way to turn this banner off?

Haven't seen this one in a config file (there is a Banner keyword, but
it's different), but it should be easy enough to edit the source to
limit it down. Change it and post a diff to the openssh team, with an
explanation, I guess...

-Bop
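
The banner quoted in this thread, split into its fields: an added example that is not part of the original message and is not OpenSSH code. It assumes the identification-string layout of RFC 4253 section 4.2 (`SSH-protoversion-softwareversion SP comments`); the function names are hypothetical and the second sample line is constructed.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# protoversion/softwareversion: printable US-ASCII without whitespace or '-'.
_IDENT = re.compile(
    r"SSH-(?P<proto>[\x21-\x2c\x2e-\x7e]+)"
    r"-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[\x20-\x7e]*))?"
)
MAX_IDENT_LEN = 255  # RFC 4253 limit, CR LF included

SAMPLE = b"SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3\r\n"  # from the thread
SAMPLE_BARE = b"SSH-2.0-OpenSSH_3.4p1\r\n"  # constructed: no comments field

def first_ident(greeting: bytes) -> bytes:
    """Return the first line starting with 'SSH-' (servers may send other lines first)."""
    for line in greeting.splitlines(keepends=True):
        if line.startswith(b"SSH-"):
            return line
    raise ValueError("no SSH identification line in greeting")

def parse_ident(raw: bytes) -> dict:
    """Split one identification line into proto, software and comments."""
    if len(raw) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    line = raw.rstrip(b"\r\n").decode("ascii")  # non-ASCII raises ValueError
    m = _IDENT.fullmatch(line)
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()

def disclosure_report(raw: bytes) -> list:
    """Say which fields the protocol requires and which one is optional."""
    f = parse_ident(raw)
    report = [
        "protoversion %s: required, used for protocol negotiation" % f["proto"],
        "softwareversion %s: required, names the implementation" % f["software"],
    ]
    if f["comments"]:
        # Only this field is optional; here it carries the package revision.
        report.append("comments %r: optional, not needed by the protocol" % f["comments"])
    return report

if __name__ == "__main__":
    for sample in (SAMPLE, SAMPLE_BARE):
        print("\n".join(disclosure_report(first_ident(sample))))
```

Later Debian OpenSSH packages added a `DebianBanner` keyword in `sshd_config` that controls the distribution suffix in the comments field; the protoversion and softwareversion fields are always sent.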