Re: Telnet information.
Quoting Jay Kline ([EMAIL PROTECTED]): I maay be wrong, but dont the SSH clients need that banner to be able to identify what version to use? Yes; the major/minor combination tells the client which protocol versions can be used. The latest phrack has some interesting information about that as well :) Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Fluor zarq: i'll be gentle :]
Re: Telnet information.
On Wed, Jul 31, 2002 at 01:58:59PM +0200, Robert van der Meulen wrote: Quoting Jay Kline ([EMAIL PROTECTED]): I maay be wrong, but dont the SSH clients need that banner to be able to identify what version to use? Yes; the major/minor combination tells the client which protocol versions can be used. The latest phrack has some interesting information about that as well :) But you can use the sshd_config and ssh_config to allow only the version you want.
Re: Telnet information.
Here's the link to the Phrack article. http://www.phrack.org/show.php?p=59a=11 It's a really good read, and what they are suggesting would affect the entire implementation of SSH, not just OpenSSH or SSH.com. It can't be fixed from the config file, as they are not talking about the protocols 1 or 2. -Anne This one time, Dale Amon wrote: On Wed, Jul 31, 2002 at 01:58:59PM +0200, Robert van der Meulen wrote: Quoting Jay Kline ([EMAIL PROTECTED]): I maay be wrong, but dont the SSH clients need that banner to be able to identify what version to use? Yes; the major/minor combination tells the client which protocol versions can be used. The latest phrack has some interesting information about that as well :) But you can use the sshd_config and ssh_config to allow only the version you want. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgp7xg3aJEZIw.pgp Description: PGP signature
Re: Telnet information.
On Wed, Jul 31, 2002 at 08:12:00AM -0700, Anne Carasik wrote: Here's the link to the Phrack article. http://www.phrack.org/show.php?p=59a=11 It's a really good read, and what they are suggesting would affect the entire implementation of SSH, not just OpenSSH or SSH.com. It can't be fixed from the config file, as they are not talking about the protocols 1 or 2. Perhaps, but one should always change Protocol 1,2 to just Protocol 2 in both ssh_config and sshd_config. If someone only speaks P1, you really don't want to talk to them at all. Of course first make sure you are upgraded on your own clients and servers/
Re: Telnet information.
Hi there, This one time, Dale Amon wrote: Perhaps, but one should always change Protocol 1,2 to just Protocol 2 in both ssh_config and sshd_config. If someone only speaks P1, you really don't want to talk to them at all. There's no debating that. The article doesn't refer to that--it refers to basic functionality of Secure Shell. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgp8KRZfv8ond.pgp Description: PGP signature
Telnet information.
Hi. Is there a generic way to block telnet information (runing woody) - if i telnet to our mailserver at port 110 then i am told both the version of our pop3 handler and what local ip it is running on, the same goes for port 22 and 25 (where ssh and postfix). Thanks ___ Mvh./Yours sincerely Lars Lars Roland Kristiansen Stu. Sci. Math/Computer science Copenhagen University - Institute for Mathematical Sciences Url: www.math.ku.dk Email: [EMAIL PROTECTED] Politics is for the moment, equations are forever - Albert Einstein -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Telnet information.
It depends per software package. In postfix you can set your smtpbanner in /etc/postfix/main.cf: smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) For OpenSSH you can change it during compile time ... Quoting Lars Roland Kristiansen [EMAIL PROTECTED]: Hi. Is there a generic way to block telnet information (runing woody) - if i telnet to our mailserver at port 110 then i am told both the version of our pop3 handler and what local ip it is running on, the same goes for port 22 and 25 (where ssh and postfix). Thanks ___ Mvh./Yours sincerely Lars Lars Roland Kristiansen Stu. Sci. Math/Computer science Copenhagen University - Institute for Mathematical Sciences Url: www.math.ku.dk Email: [EMAIL PROTECTED] Politics is for the moment, equations are forever - Albert Einstein -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Telnet information.
On Friday 26 July 2002 08:06 am, Jeffrey Koetsier wrote: It depends per software package. For OpenSSH you can change it during compile time ... I maay be wrong, but dont the SSH clients need that banner to be able to identify what version to use? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Telnet information.
Quoting Jay Kline [EMAIL PROTECTED]: For OpenSSH you can change it during compile time ... I maay be wrong, but dont the SSH clients need that banner to be able to identify what version to use? SSH-2.0-OpenSSH_3.1p1_AtHome_SecurID I assume that it only uses the first phrase (SSH-2.0) for identifying. As this works fine for me -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]