[ubuntu-hardened] hiding ssh version
Marc Deslauriers
marc.deslauriers at canonical.com
Sat Mar 28 13:09:32 GMT 2009
On Sat, 2009-03-28 at 00:00 -0600, Dan Howerton wrote:
> Hey Guys,
>
> I was poking around and saw this...
>
> x at x:~$ telnet 1.1.1.1 22
> Trying 1.1.1.1...
> Connected to 1.1.1.1.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
>
> I don't quite fancy this so I did some poking around google and found a
> patch to hide this at
>
> http://www.kramse.dk/projects/unix/opensshhideversion_en.html
>
> Is it possible to get this patch into either the standard openssh
> package or one we can grab through the security repo?

That wouldn't be a good idea, as ssh clients, including OpenSSH, parse
the version string in order to identify bugs/capabilities with
particular ssh versions.

For an example, see compat.c in the OpenSSH source code.

Marc.
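
The kind of version-string matching described in the reply above, as an added example (not part of the original message and not OpenSSH's code): it splits the identification line per RFC 4253 section 4.2 and matches the software version against glob patterns to select workarounds. The flag names and the pattern table are hypothetical and constructed for illustration; a banner with the version hidden matches nothing, so no workaround is selected.

```c
#include <fnmatch.h>
#include <stdio.h>

/* Hypothetical quirk flags for illustration; not OpenSSH's identifiers. */
#define QUIRK_EXAMPLE_A   0x01u
#define QUIRK_EXAMPLE_B   0x02u
#define QUIRK_UNPARSEABLE 0x80u

/* Constructed pattern table: software-version glob -> workaround flags. */
static const struct { const char *pattern; unsigned flags; } quirks[] = {
    { "OpenSSH_4.*",  QUIRK_EXAMPLE_A | QUIRK_EXAMPLE_B },
    { "OpenSSH_5.1*", QUIRK_EXAMPLE_B },
};

/* Split "SSH-protoversion-softwareversion[ SP comments]" (RFC 4253, 4.2).
 * Returns 0 on success, -1 if the line is not an SSH identification. */
int parse_banner(const char *banner, char proto[8], char sw[64])
{
    return sscanf(banner, "SSH-%7[^-]-%63[^ \r\n]", proto, sw) == 2 ? 0 : -1;
}

/* Return the workaround flags a peer would enable for this banner. */
unsigned quirks_for(const char *banner)
{
    char proto[8], sw[64];
    unsigned flags = 0;

    if (parse_banner(banner, proto, sw) != 0)
        return QUIRK_UNPARSEABLE;
    for (size_t i = 0; i < sizeof(quirks) / sizeof(quirks[0]); i++)
        if (fnmatch(quirks[i].pattern, sw, 0) == 0)
            flags |= quirks[i].flags;
    return flags;
}

int main(void)
{
    /* First banner is the one quoted in the message; second is constructed. */
    const char *seen[] = { "SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1\r\n",
                           "SSH-2.0-hidden\r\n" };
    for (int i = 0; i < 2; i++)
        printf("%#x  %s", quirks_for(seen[i]), seen[i]);
    return 0;
}
```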