Hiding version information
Bennett Samowich
brs at ben-tech.com
Fri Sep 13 20:54:16 EST 2002
Greetings,
I have seen a couple of postings about hiding the version information from
clients. I had modified my copy of 3.4p1 to include two additional
configuration options that accomplish this task and a bit more. I had
posted this to the general users list, but after thinking about it, I
thought that it might be good to post it here as well.
* Does a feature like this have any impact on the functionality of OpenSSH?
* Would a feature like this appealing at all to the OpenSSH community?
The options are HideVersionInformation and VersionString, and they operate
like this:
Setting HideVersionInformation to yes causes sshd to either use a default
version string of "OpenSSH" or a user defined string specified with the
option VersionString.
Example 1: # sshd would deliver something like SSH-2.0-OpenSSH_3.4p1
HideVersionInformation no
Example 2: # sshd would deliver something like SSH-2.0-OpenSSH
HideVersionInformation yes
Example 3: # sshd would deliver something like
SSH-2.0-You_must_be_joking!
HideVersionInformation yes
VersionString You_must_be_joking!
Any version string that you specify must be a single string (use '_' for
spaces). I have left the HideVersionInformation defaulting to off. This is
so you can have control of your box with the compiled version before you
start changing the version string. I am not sure what functionality gets
broken, if any, by altering the version string. So far I have not had any
problems with the test installations. In fact, I do have it on a couple of
production machines as well.
For those that might be interested... I have included a patch that was
diff'd against a clean 3.4p1.
Hope this helps
- Bennett
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hide_version.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020913/de2e667b/attachment.ksh
More information about the openssh-unix-dev
mailing list