Using openssh 3.1p1 on Solaris with tcp wrappers 7.6

Darren Moffat Darren.Moffat at Sun.COM
Thu May 2 06:21:37 EST 2002

I suspect you answers are in reference to version 1 of the protocol,
since v2 has solutions for both of the things you raise.

>There is no official mechanism for sending SSH banners that I am
>aware of.

draft-ietf-secsh-userauth-15.txt  Section 2.5

>I once did a little hack in the SSH client to allow for additional
>text, newline terminated, that is sent prior to the SSH server
>version string. The banner would of course break generic clients.

draft-ietf-secsh-transport-14.txt  Section 3.2

   The server MAY send other lines of data before sending the version
   string.  Each line SHOULD be terminated by a carriage return and
   newline.  Such lines MUST NOT begin with "SSH-", and SHOULD be
   encoded in ISO-10646 UTF-8 [RFC2279] (language is not specified).
   Clients MUST be able to process such lines; they MAY be silently
   ignored, or MAY be displayed to the client user; if they are
   displayed, control character filtering discussed in [SSH-ARCH] SHOULD
   be used.  The primary use of this feature is to allow TCP-wrappers to
   display an error message before disconnecting.

Darren J Moffat

More information about the openssh-unix-dev mailing list