Hi all, I upgraded from 5.1 to 5.2.1p3 over the weekend, and finished off with a Nessus scan to check that ssh was the only port visible to the outside world. Despite a recent (i.e. last Thursday) cvsup to sync the source tree, I'm getting a high severity warning about a hole in SSH based on the version number reported (3.6.1p1 FreeBSD-20030924). I'm using the core ssh, not the version from ports. Does anyone know if this problem is real, or a false-positive?
As an aside, can sshd be prevented from reporting its version number on connect, or is this something that a client-app needs to know? Thanks, Danny. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"