[ubuntu-hardened] hiding ssh version
kees at ubuntu.com
Sat Mar 28 16:15:38 GMT 2009
On Sat, Mar 28, 2009 at 12:00:40AM -0600, Dan Howerton wrote:
> x at x:~$ telnet 220.127.116.11 22
I recommend "nc" since it doesn't send or process Telnet escape sequences.
> I dont quite fancy this so I did some poking around google and found a patch
> to hide this at
> Is it possible to get this patch into either the standard openssh package or
> one we can grab through the security repo?
There has been a long-standing bug with upstream, where I supplied
a few versions of possible patches, but they continue to really dislike
My reasoning has been that I can already change the banner on other
services (SMTP, e.g.), so why not have the same available for SSH? I have
been nervous about carrying such a patch in Ubuntu without upstream
I understand their reasoning about not wanting to mess with the protocol
versions, and I get that clients may need to tweak behavior based on the
software version, and I've seen situations where even using the version
comment could be useful to clients, but I think that's all moot since
only a small number of people would even use these options.
If someone wants to try to convince upstream otherwise, I would be very
Ubuntu Security Team
More information about the ubuntu-hardened