https://bugzilla.mindrot.org/show_bug.cgi?id=2971
Bug ID: 2971
Summary: Prevent OpenSSH from advertising its version number
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
Created attachment 3244
--> https://bugzilla.mindrot.org/attachment.cgi?id=3244&action=edit
OpenSSH version captured from wireshark
The cyber security team has recommended disabling the OpenSSH software
version advertising when the connection has been established.
RFC 4253 says: the software version part is commonly used for
interoperability, and it is also not a good idea to remove it.
OpenSSH software version advertising is part of the compiled code and
does not have configuration options to alter or suppress it.
You have to modify the code below and recompile the software.
src/ssh/version.h
-- #define SSH_VERSION "OpenSSH_7.6"
++ #define SSH_VERSION " " // length should be > 0
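Review bot: the `++` line sets `SSH_VERSION` to a single space, and its comment says only that the length must be > 0 without saying why. A whitespace-only value leaves the software version part, which RFC 4253 uses for interoperability, effectively empty, so a peer has nothing to match on. If the goal is to hide the release number, the run-time option requested below is a safer route than editing version.h, and any replacement string should still be a non-blank token.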
It would be good if you provided that option in the sshd configuration file.
Thanks & Regards,
Nagesh
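
An added example, not part of the original report or of OpenSSH: a check of an identification line against the RFC 4253 section 4.2 layout, usable when auditing what a server banner discloses. It assumes the server emits `SSH-2.0-` followed by `SSH_VERSION`, so the second sample is what the proposed single-space value would produce; `check_ident` and the sample banners are constructed for illustration.

```python
import re

MAX_IDENT_LEN = 255  # RFC 4253 section 4.2 limit, CR LF included

# protoversion / softwareversion: printable US-ASCII except space and '-'
_TOKEN = rb"[\x21-\x2c\x2e-\x7e]+"
_IDENT = re.compile(
    rb"SSH-(?P<proto>" + _TOKEN + rb")-(?P<software>" + _TOKEN + rb")"
    rb"(?: (?P<comments>[^\r\n\x00]*))?\r\n"
)
_VERSION_LIKE = re.compile(rb"\d+(?:\.\d+)+")  # dotted number such as 7.6


def check_ident(line: bytes) -> dict:
    """Parse one identification line and list what is wrong with it."""
    result = {"proto": None, "software": None, "comments": None,
              "discloses_version": False, "problems": []}
    if len(line) > MAX_IDENT_LEN:
        result["problems"].append("longer than 255 bytes")
    m = _IDENT.fullmatch(line)
    if m is None:
        result["problems"].append(
            "not SSH-protoversion-softwareversion [SP comments] CR LF")
        return result
    result["proto"] = m["proto"].decode("ascii")
    result["software"] = m["software"].decode("ascii")
    if m["comments"] is not None:
        result["comments"] = m["comments"].decode("ascii", "replace")
    if result["proto"] not in ("2.0", "1.99"):
        result["problems"].append("unexpected protoversion")
    # A dotted number in either field tells a scanner which release is running.
    exposed = m["software"] + b" " + (m["comments"] or b"")
    result["discloses_version"] = bool(_VERSION_LIKE.search(exposed))
    return result


# Constructed sample banners (only the first value is quoted in the report).
SAMPLES = [
    b"SSH-2.0-OpenSSH_7.6\r\n",  # stock SSH_VERSION from the report
    b"SSH-2.0- \r\n",            # assumed result of SSH_VERSION " "
    b"SSH-2.0-sshd\r\n",         # hypothetical version-free but valid token
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner, check_ident(banner))
```

The single-space banner fails the layout check outright, while a non-blank token without a dotted number parses cleanly and discloses no release.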