Hide version information -- patch attached
Darren Tucker
dtucker at zip.com.au
Fri Jul 11 22:31:00 EST 2003
Mark Semmler wrote:
> I am not a friend of "security through obscurity", but I think each
> administrator should have the choice to decide, wether this sensitive
> information should be freely available or not. So I wrote a small patch
> (see attached file).
Good luck to you, but this has been done to death a couple of times before
and the consensus is that this isn't going to happen.
You're not adding much if any security (an attacker can just try *all* the
exploits they have) and increasing the chances of interoperability
problems.
See http://bugzilla.mindrot.org/show_bug.cgi?id=94
> The patch introduces the new parameter "WelcomeFile" to the
> configuration file. Only if this parameter points to a valid file,
> openssh reads a welcome message up to 128 characters out of it and
> displays it at the identfication exchange, e.g.:
Do you violate protocol if you have 2 newlines those 128 characters? Why
not just have your string in the config file? (It would be less code.)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list