[Bug 2971] New: Prevent OpenSSH from advertising its version number
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 20 13:22:36 AEDT 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2971
Bug ID: 2971
Summary: Prevent OpenSSH from advertising its version number
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: nagesh.k at in.abb.com
Created attachment 3244
--> https://bugzilla.mindrot.org/attachment.cgi?id=3244&action=edit
OpenSSH version captured from wireshark
Cyber security team has recommended to disable the OpenSSH software
version advertising when the connection has been established.
RFC 4253 Says : The software version part is used commonly for
interoperability and it is also not good idea to remove it.
OpenSSH software version advertising is part of the compiled code and
do not have configuration options to alter or suppress them.
You have to modify the below code and recompile the software.
src/ssh/version.h
-- #define SSH_VERSION "OpenSSH_7.6"
++ #define SSH_VERSION " " // length should be > 0
It will be good if you provide that option in sshd configuration file.
Thanks & Regards,
Nagesh
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list