Hello-
I am trying to find the best way to prevent sshd from announcing the version number
when someone connects to port 22.
Currently it looks like this:
$ telnet x.x.x.x 22
Trying x.x.x.x ...
Connected to x.x.x.x.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.9p1
... well our security policy dictates that we obscure the version numbers of any running
application when at all possible - to make a hacker's job just a little bit harder.
The only way I have found is to edit the version.h file and change
#define SSH_VERSION "OpenSSH_2.9p1"
to
#define SSH_VERSION "Undisclosed_Version"
which changes the version string to
SSH-1.99-Undisclosed_Version
But that also obscures the version when someone runs ssh -V or sshd -V.
Is there a better way to hide the version from remote users but allow local users to see the version?
Are there any negative side effects to doing this?
Thanks,
-- Jeff Apolis
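
Added example, not part of the original post and not OpenSSH code: a small checker that splits an SSH identification line into the fields laid out in RFC 4253 section 4.2 and flags a software field that still carries a version number, run here on the two banners quoted above. The function names and the "dotted number means disclosure" rule are assumptions made for this illustration.

```python
import re

# Identification line layout (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion[ SP comments] CR LF
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^\s-]+)(?: (?P<comments>.*))?$"
)
# Assumed policy rule: a dotted number such as "2.9" counts as a version leak.
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_banner(line):
    """Split one identification line into fields; ValueError if malformed."""
    text = line.rstrip("\r\n")
    if len(text) > 253:  # the RFC allows 255 bytes including CR LF
        raise ValueError("identification string too long")
    match = BANNER_RE.match(text)
    if match is None:
        raise ValueError("not an SSH identification string: %r" % text)
    return match.groupdict()


def discloses_version(line):
    """True if the software or comments field contains a dotted number.

    The protoversion field ("1.99" above) is not checked: it is the
    protocol version and stays in the banner after SSH_VERSION is changed.
    """
    fields = parse_banner(line)
    searched = fields["software"] + " " + (fields["comments"] or "")
    return VERSION_RE.search(searched) is not None


def audit(banners):
    """Map each banner to 'discloses version', 'ok' or 'malformed'."""
    report = {}
    for banner in banners:
        try:
            leaked = discloses_version(banner)
        except ValueError:
            report[banner] = "malformed"
        else:
            report[banner] = "discloses version" if leaked else "ok"
    return report


# The first two banners are the ones quoted in the post; the third is constructed.
SAMPLES = ["SSH-1.99-OpenSSH_2.9p1", "SSH-1.99-Undisclosed_Version", "220 not-ssh"]
if __name__ == "__main__":
    for banner, verdict in audit(SAMPLES).items():
        print("%-32s %s" % (banner, verdict))
```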