Re: ssh banner
I'm starting to get bored of people replying nonsense without testing it
themselves.

On Fri, Oct 18, 2002 at 09:19:01PM +0200, Vasarhelyi asd Daniel wrote:
> > issue(5) might help some of you about pre-login banner and daemon(s)
> > banner version.
>
> Banner gets displayed _after_ successful login, but ssh handshake needs
> some information about server ssh version.

No, banner (aka issue.net) gets displayed _before_ password prompt. Motd gets
displayed _after_ a successful login.

Regards

Javi

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh banner
On Fri, Oct 18, 2002 at 11:08:52AM -0400, Phillip Hofmeister wrote:
> On Fri, 18 Oct 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
> > Why isn't it done by default ?
>
> You would have to ask the maintainer...

Oh! Better: file a bug. No! Wait! It's already done [1] :-|

Javi

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139505&repeatmerged=yes
    Bugs #130876, #149877, #15566, #139505
Re: ssh banner
On Fri, Oct 18, 2002 at 03:51:49PM +0200, vdongen wrote:
> afaik /etc/issue.net is intended for telnet and not for ssh.

Are you saying using /etc/issue.net is a security risk or that it will not
work? I use /etc/issue.net on all my sshd's without problems (fwiw)

--
Regards,
clockbot.net
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
> killall -9 sshd
>
> done

Isn't that a bit extreme? /etc/init.d/sshd restart would do just fine without
any of that forcing.

--
Regards,
clockbot.net
Re: ssh banner
On Fri, Oct 18, 2002 at 04:13:22PM +0200, Johannes Berth wrote:
> * [EMAIL PROTECTED] [EMAIL PROTECTED]:
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
>
> You don't want to disable it.

Oh, really ?! Are you referring to SSH-2.0 or to
OpenSSH_3.4p1 Debian 1:3.4p1-1 ?

przemol
ssh banner
Woody

host:/home/przemol>telnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1

How can I disable the message ?

przemol
Re: ssh banner
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1

Edit sshd_config
find the line with something like
Banner /etc/issue.net
and set
# Banner /etc/issue.net

killall -9 sshd

done

Regards

> How can I disable the message ?
>
> przemol

--
Aleksander Iwański [EMAIL PROTECTED]
tel. +48 58 5575824
mobile: +48 502273537
Re: ssh banner
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

This banner is needed information for a ssh client connecting to your server,
therefore you better not disable it.

Greetings,
Ivo van Dongen
Re: ssh banner
On Fri, 2002-10-18 at 14:58, [EMAIL PROTECTED] wrote:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

You can limit it somewhat (by editing source), but the protocol needs the
version string, so you can't change it without breaking compatibility.

--
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
Re: ssh banner
On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of the
line that says Banner /etc/issue.net or something like that.

hth,
tobias r.

--
NOC Hamster - Security Guy - Owner of one, root of many
Tobias Rosenstock - [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED]
Wieske's Crew KG - http://irz42.net - http://www.crew-kg.de
Humboldtstr. 51 - Lessingstr. 2 - 22083 Hamburg - Germany
Re: ssh banner
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

you can't without modifying the source.
AFAIK, this message is used by client ssh to know if it is a ssh server

--
Tab
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
> On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> Edit sshd_config
> find the line with something like
> Banner /etc/issue.net
> and set
> # Banner /etc/issue.net
>
> killall -9 sshd

przemek:~# grep -i banner /etc/ssh/sshd_config
#Banner /etc/issue.net

przemol
Re: ssh banner
This won't do the trick, AFAIK it will only display /etc/issue.net content
before the password prompt, but won't change/hide the version of the sshd
when telnet'ing localhost || ip on port 22.

-xavier

> Edit sshd_config
> find the line with something like
> Banner /etc/issue.net
> and set
> # Banner /etc/issue.net
>
> killall -9 sshd
>
> done

--
Xavier Santolaria [EMAIL PROTECTED]
Alldas.org IT-Security Information Network
http://xs.alldas.org
perl -we '$|=1;print 1;@a=qw(\ | / -);while(){for($i=0;$i@a;$i++) {print\b$a[$i];select undef,undef,undef,.1}}print\n'
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:18PM +0200, vdongen wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
>
> This banner is needed information for a ssh client connecting to your
> server, therefore you better not disable it.

Well, I agree e.g. SSH-2.0. But the rest ? It allows one to easily recognise
what system the server is.

przemol
Re: ssh banner
Hi,

On Fri, 18 Oct 2002, vdongen wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
>
> This banner is needed information for a ssh client connecting to your
> server, therefore you better not disable it.

oops, of course you're right.. i didn't pay attention to the line saying
telnet etc., i just kicked out my standard "how do i remove this annoying
banner" reply that our customers get when they don't wanna see it. my fault..

tobias r.
Re: ssh banner
On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

If you attempt to disable this message your ssh clients will not work. See
the SSH rfc in /usr/doc/ssh. You will find that both client and server
exchange Version information as part of the connection
establishment/handshake.

You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...

--
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import

XP Source Code:
#include win2k.h
#include extra_pretty_things_with_bugs.h
#include more_bugs.h
#include require_system_activation.h
#include phone_home_every_so_often.h
#include remote_admin_abilities_for_MS.h
#include more_restrictive_EULA.h
#include sell_your_soul_to_MS_EULA.h
//os_ver=Windows 2000
os_ver=Windows XP
Re: ssh banner
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
> On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
>
> edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of
> the line that says Banner /etc/issue.net or something like that.

It is set (commented) by default.

przemol
Re: ssh banner
You can still have a look there:
http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.com&output=gplain
for an answer, but would be better to not touch it.

If you can restrict the access to port 22 for a few ip's, do it and block the
rest. Will save you some sleepless nights if you're _that_ worried about
showing off your sshd version.

cheers,
-xavier

On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
>
> przemol
Re: ssh banner
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> Edit sshd_config
> find the line with something like
> Banner /etc/issue.net
> and set
> # Banner /etc/issue.net
>
> killall -9 sshd
>
> done
>
> Regards

afaik /etc/issue.net is intended for telnet and not for ssh.
furthermore:
$ netcat 0 22
SSH-1.99-OpenSSH_3.4p1 Debian 1:3.4p1-4
$ cat /etc/issue.net
Debian GNU/%s testing/unstable %h

sshd does not use /etc/issue.net by default:
$ grep Banner /etc/ssh/sshd_config
#Banner /etc/issue.net

Greetings,
Ivo van Dongen
Re: ssh banner
Hello,

> > You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...
>
> Why isn't it done by default ?

FreeBSD started this to get rid of users, complaining about the old OpenSSH
in the base system and to indicate that their OpenSSH is not the 2.3.0, but a
security patched one.

FreeBSD has another modification, VersionAddendum, so users who don't want
that stupid string, can just add VersionAddendum to their sshd_config.

--[ Free Software ISOs - http://www.fsn.hu/?f=download ]--
Attila Nagy e-mail: [EMAIL PROTECTED]
Free Software Network (FSN.HU) phone @work: +361 210 1415 (194)
cell.: +3630 306 6758
Re: ssh banner
* [EMAIL PROTECTED] [EMAIL PROTECTED]:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

You don't want to disable it.
Re: ssh banner
issue(5) might help some of you about pre-login banner and daemon(s) banner
version.

-xavier

On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
> edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of
> the line that says Banner /etc/issue.net or something like that.
Re: ssh banner
On Fri, Oct 18, 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
> > You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...
>
> Why isn't it done by default ?

9-12 months down the road (or whenever the next exploit in OpenSSH is found),
Debian will likely backport the fix into the current version rather than
upgrading entirely.

I assume the Debian part of the banner is to help us defend ourselves against
local security folks doing SSH scans and freaking out whenever they see any
version less than 3.secure -- we point them to the DSA, show that the fix is
in the Changelogs, etc. In a perfect world, those folks would have already
read the above supporting material and they wouldn't bug us at all.

--
Mike Renfro / RD Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
Re: ssh banner
On Fri, 18 Oct 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
> Why isn't it done by default ?

You would have to ask the maintainer...

--
Phil
Re: ssh banner
> issue(5) might help some of you about pre-login banner and daemon(s)
> banner version.

Banner gets displayed _after_ successful login, but ssh handshake needs some
information about server ssh version.

There was a big flame about the 3.4p1 Debian 1:3.4p1-1 part of message. It
can _not_ be masqueraded by config file, but you have 2 ways to get rid of
this message:

First: rewriting it on the source code and recompile sshd
Second: get a hex-editor and put X's over the unwanted information. Be sure
that you aren't writing over necessary fields, or truncating the file by
deleting some chars. Tripwire or software like that will cry.

Daniel Vasarhelyi

--
Daniel asd Vasarhelyi
PGP key available at http://asd.musichello.com/gpg-pub.key and public keyservers
Key fingerprint = EA00 AF4D A83C 1122 0967 DDF5 27BC 390F 181F 9954
Re: ssh banner
On Fri, 18 Oct 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
> Edit sshd_config
> find the line with something like
> Banner /etc/issue.net

That will not get rid of the version identification string.

--
Phil
Re: ssh banner
On Fri, Oct 18, 2002 at 09:42:14AM -0400, Phillip Hofmeister wrote:
> On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
>
> If you attempt to disable this message your ssh clients will not work. See
> the SSH rfc in /usr/doc/ssh. You will find that both client and server
> exchange Version information as part of the connection
> establishment/handshake.

If version information of ssh protocol - that's ok. But I don't believe that
string -OpenSSH_3.4p1 Debian 1:3.4p1-1 is required as part of protocol ;-)

> You can; however, recompile and get rid of the Debian 1:3.4p1-1 part...

Why isn't it done by default ?

przemol
Re: ssh banner
* Aleksander Iwanski [EMAIL PROTECTED]:
> Edit sshd_config find the line with something like Banner /etc/issue.net

That's not the banner he's talking about.

> killall -9 sshd

There are better ways to stop the ssh daemon.
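
The split the thread argues about, between the part of the identification string the handshake depends on and the trailing part that only describes the package, is shown below as an added example; it is not code from any post or from OpenSSH. It assumes the `SSH-protoversion-softwareversion SP comments` layout later published as RFC 4253 section 4.2, and the names `Ident`, `parse_ident`, `read_server_ident` and `disclosed_fields` are hypothetical.

```python
import io
import re
from dataclasses import dataclass
from typing import BinaryIO, Optional

# Layout from RFC 4253 section 4.2 (published after this thread):
#   SSH-protoversion-softwareversion SP comments CR LF
# protoversion/softwareversion: printable US-ASCII, no whitespace, no '-'.
# The " comments" part is optional. Whole line: at most 255 bytes with CR LF.
MAX_IDENT_LEN = 255
IDENT_RE = re.compile(
    rb"^SSH-(?P<proto>[!-,.-~]+)-(?P<software>[!-,.-~]+)(?: (?P<comments>[ -~]*))?$"
)


@dataclass
class Ident:
    proto: str               # "2.0"; "1.99" means "2.0 plus older versions"
    software: str            # mandatory field, value chosen by the implementation
    comments: Optional[str]  # optional; in the thread, the Debian package version

    def minimal(self) -> str:
        """The same identification string with the optional comments dropped."""
        return f"SSH-{self.proto}-{self.software}"

    def speaks_v2(self) -> bool:
        return self.proto in ("2.0", "1.99")


def parse_ident(line: bytes) -> Ident:
    """Parse one identification line; raise ValueError if it is not one."""
    if len(line) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    m = IDENT_RE.match(line.rstrip(b"\r\n"))
    if m is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    comments = m.group("comments")
    return Ident(
        proto=m.group("proto").decode("ascii"),
        software=m.group("software").decode("ascii"),
        comments=None if comments is None else comments.decode("ascii"),
    )


def read_server_ident(stream: BinaryIO, max_lines: int = 32) -> Ident:
    """Return the first 'SSH-' line a server sends.

    A server may send other text lines first; they are skipped. max_lines is
    an arbitrary cap chosen for this example.
    """
    for _ in range(max_lines):
        line = stream.readline(MAX_IDENT_LEN + 1)
        if not line:
            break
        if line.startswith(b"SSH-"):
            return parse_ident(line)
    raise ValueError("peer never sent an SSH identification string")


def disclosed_fields(ident: Ident) -> dict:
    """Name what each part of the string tells anyone who connects."""
    return {
        "protocol_version": ident.proto,
        "software_version": ident.software,
        "optional_comments": ident.comments,
        "without_comments": ident.minimal(),
    }


# The two strings quoted in the thread, followed by constructed inputs.
THREAD_SAMPLES = [
    b"SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1\r\n",
    b"SSH-1.99-OpenSSH_3.4p1 Debian 1:3.4p1-4\r\n",
]
CONSTRUCTED_STREAM = b"constructed pre-identification text\r\nSSH-2.0-OpenSSH_3.4p1\r\n"
CONSTRUCTED_NOT_SSH = b"Debian GNU/Linux testing/unstable host\r\n"  # issue.net-style text

if __name__ == "__main__":
    for raw in THREAD_SAMPLES:
        print(disclosed_fields(parse_ident(raw)))
    print(read_server_ident(io.BytesIO(CONSTRUCTED_STREAM)))
    try:
        parse_ident(CONSTRUCTED_NOT_SSH)
    except ValueError as exc:
        print("rejected:", exc)
```

Both sides' identification strings are hashed into the key exchange, so the string has to be changed at the server itself; rewriting it in transit breaks the handshake.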