Using openssh 3.1p1 on Solaris with tcp wrappers 7.6

Wietse Venema wietse at
Thu May 2 06:24:55 EST 2002



Darren Moffat:
> I suspect you answers are in reference to version 1 of the protocol,
> since v2 has solutions for both of the things you raise.
> >There is no official mechanism for sending SSH banners that I am
> >aware of.
> draft-ietf-secsh-userauth-15.txt  Section 2.5
> >I once did a little hack in the SSH client to allow for additional
> >text, newline terminated, that is sent prior to the SSH server
> >version string. The banner would of course break generic clients.
> draft-ietf-secsh-transport-14.txt  Section 3.2
>    The server MAY send other lines of data before sending the version
>    string.  Each line SHOULD be terminated by a carriage return and
>    newline.  Such lines MUST NOT begin with "SSH-", and SHOULD be
>    encoded in ISO-10646 UTF-8 [RFC2279] (language is not specified).
>    Clients MUST be able to process such lines; they MAY be silently
>    ignored, or MAY be displayed to the client user; if they are
>    displayed, control character filtering discussed in [SSH-ARCH] SHOULD
>    be used.  The primary use of this feature is to allow TCP-wrappers to
>    display an error message before disconnecting.
> --
> Darren J Moffat

More information about the openssh-unix-dev mailing list