[Bug 2971] Prevent OpenSSH from advertising its version number
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Feb 21 09:19:51 AEDT 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2971
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Sorry but there is zero chance we will offer this as an option. The
version number is used for a number of compatibility tweaks and bug
workarounds, so removing it would greatly hinder our ability to
interoperate and improve the protocol over time.
I'd also say that your security advise is bad: hiding the version
number doesn't prevent an attacker from attempting exploits and doesn't
even prevent the attacker from learning the version of software in use
(protocol fingerprinting).
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list