[ale] SSHD reports version info!?

Michael H. Warfield mhw at wittsend.com
Thu Feb 19 12:03:19 EST 2004


On Thu, Feb 19, 2004 at 02:39:42AM -0500, Kevin Krumwiede wrote:
> (I posted this to the debian-user list but it never showed up.)

> When I telnet to port 22 on my 3.0r2 server, I see this:

> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3

> Isn't that considered sensitive information?  Why advertise it so
> blatantly?  Is there any way to turn this banner off?

	Not really.  If you didn't, an attacker can just throw a broad
spectrum attack at you, no gain.  Someone scanning would spot you and
just assume that you are obfuscating the information because you're too
lazy to keep your software up to date and flag you for that extra special
attention they like to provide from time to time, just after an exploit
release.

	No, you cannot turn it off and, even if you could, you would then
break ssh.  That information is not there merely for your edification.
It's there to tell the client what protocols to speak.  There are
several different dialects and the client needs to know what it's talking
to in order to negotiate the protocols properly.  It's the opening offer
in the protocol.

	Some of the information (like from "Debian" to the end of line)
is mutable and you could trash it.  That first opening string, however,
should NOT be tampered with.

> Thanks,
> Krum

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
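
The banner fields discussed in the reply above, as an added example that is not part of the original post: a Python parser that splits the identification line into protocol version, software version and optional comment, using the `SSH-protoversion-softwareversion SP comments` layout from RFC 4253 section 4.2. The function names `parse_ssh_ident` and `audit_banner` are hypothetical; the sample banner is the one quoted in the thread.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$"
)

def parse_ssh_ident(line):
    """Split an SSH identification line into its three fields."""
    if isinstance(line, bytes):
        line = line.decode("ascii", errors="replace")
    line = line.rstrip("\r\n")
    if len(line) > 253:  # the RFC allows 255 characters including CR LF
        raise ValueError("identification string too long")
    m = _IDENT.match(line)
    if m is None:
        raise ValueError("not an SSH identification string")
    proto = m.group("proto")
    return {
        "proto": proto,                     # needed by the peer to negotiate
        "software": m.group("software"),    # used by peers for compatibility
        "comments": m.group("comments"),    # optional, e.g. distro package tag
        "speaks_ssh2": proto in ("2.0", "1.99"),
        "speaks_ssh1": proto.startswith("1."),  # 1.99 means both 1.x and 2.0
    }

def audit_banner(line):
    """Return the parsed banner plus findings a defender would note."""
    ident = parse_ssh_ident(line)
    findings = []
    if ident["speaks_ssh1"]:
        findings.append("server still offers SSH protocol 1")
    if ident["comments"]:
        findings.append("optional comment field discloses: " + ident["comments"])
    return ident, findings

# Banner quoted in the post above.
SAMPLE = b"SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3\r\n"

if __name__ == "__main__":
    ident, findings = audit_banner(SAMPLE)
    print(ident)
    for f in findings:
        print("-", f)
```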