On Wed, Jul 30, 2008 at 8:58 AM, Jan Pechanec <Jan.Pechanec at sun.com> wrote: > On Wed, 30 Jul 2008, Darren J Moffat wrote: > >>> I am using Solaris 10 5/08 >> >>For Solaris 10 support questions please contact Sun Services. This >>alias is for OpenSolaris. >> >>I'm not sure if the DisableBanner support is in any Solaris 10 release. > > Darren, you read too fast :-) The question was about banner but what > was actually requested was to hide the version string "SSH-2.0-Sun_SSH_1.1". > > to ldaves - it can't be done. The version string servers as a means > to switch on/off various compatibility flags. The version string is part of > the protocol and there is no way SSH could work without it.
If I were to bet, certain 'Enterprise' Security Management products (*cough*) consider it a security 'risk' to present such info (and flag it as a 'high' risk in their scans). I believe the commercial SSH software allows you to set a custom string. I wonder if it might be useful to have a blurb somewhere explaining the importance. Sometimes makes it easier to argue the scanning software is wrong if you can point to something besides just 'trust me'.
