Hiding version information

Bennett Samowich brs at ben-tech.com
Fri Sep 13 20:54:16 EST 2002


Greetings,

I have seen a couple of postings about hiding the version information from
clients.  I had modified my copy of 3.4p1 to include two additional
configuration options that accomplish this task and a bit more.  I had
posted this to the general users list, but after thinking about it, I
thought that it might be good to post it here as well.


* Does a feature like this have any impact on the functionality of OpenSSH?
* Would a feature like this appealing at all to the OpenSSH community?


The options are HideVersionInformation and VersionString, and they operate
like this:

Setting HideVersionInformation to yes causes sshd to either use a default
version string of "OpenSSH" or a user defined string specified with the
option VersionString.

Example 1:				# sshd would deliver something like SSH-2.0-OpenSSH_3.4p1
HideVersionInformation no

Example 2:				# sshd would deliver something like SSH-2.0-OpenSSH
HideVersionInformation yes

Example 3:				# sshd would deliver something like
SSH-2.0-You_must_be_joking!
HideVersionInformation yes
VersionString You_must_be_joking!

Any version string that you specify must be a single string (use '_' for
spaces).  I have left the HideVersionInformation defaulting to off.  This is
so you can have control of your box with the compiled version before you
start changing the version string.  I am not sure what functionality gets
broken, if any, by altering the version string.  So far I have not had any
problems with the test installations.  In fact, I do have it on a couple of
production machines as well.

For those that might be interested... I have included a patch that was
diff'd against a clean 3.4p1.

Hope this helps
- Bennett
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hide_version.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020913/de2e667b/attachment.ksh 


More information about the openssh-unix-dev mailing list