Using openssh 3.1p1 on Solaris with tcp wrappers 7.6
Wietse Venema
wietse at porcupine.org
Thu May 2 06:15:42 EST 2002
There is no official mechanism for sending SSH banners that I am
aware of.
I once did a little hack in the SSH client to allow for additional
text, newline terminated, that is sent prior to the SSH server
version string. The banner would of course break generic clients.
Wietse
R. P. Channing Rodgers, M.D.:
>
> Dear Open SSH and TCP Wrappers Colleagues,
>
> We are trying to use open ssh 3.1p1 on SPARC platforms
> under Solaris 2.8 using gcc 2.95.2, in conjunction with
> tcp wrappers 7.6 (IPv6 version). The wrapping of open ssh
> is not too well documented but I think we have figured
> most of this out (hearty thanks to Wietse Venema, Jim
> Mintha & Niels Provos for their helpful email exchanges) --
> but have one final question. Tcp wrappers can send out
> banner messages in response to various network service
> requests. The Banners.makefile that is used to create
> the various banner files from a prototype (inserting any
> special content that a particular service protocol such
> as ftp might require) does contain this comment:
>
> # Other services: banners may interfere with normal operation
> # so they should probably be used only when refusing service.
> # In particular, banners don't work with standard rsh daemons.
> # You would have to use an rshd that has built-in tcp wrapper
> # support, for example the rshd that is part of the logdaemon
> # utilities.
>
> And there is no target to create a sshd banner. Is there
> a mechanism in open ssh, when using tcp wrappers, to
> support a banner? Thanks in advance for any helpful
> insights.
>
> We would be happy to share our installation instructions
> for both systems and welcome comments about the most
> efficient way in which we might do so.
>
> Cheerio, Rick Rodgers
>
More information about the openssh-unix-dev
mailing list