Hide version information -- patch attached

Mark openssh_nospam_ at secrisk.de
Mon Jul 14 03:08:33 EST 2003


Hi Darren,

thank you very much for your answer!
You have good reasons for not implementing this feature, although I think 
a little bit different about it -- but you are the maintainers. =)

Sorry that I didn't find this thread before I posted the patch.


Greetings


Mark


Darren Tucker wrote:

> Mark Semmler wrote:
>
> >I am not a friend of "security through obscurity", but I think each
> >administrator should have the choice to decide, whether this sensitive
> >information should be freely available or not. So I wrote a small patch
> >(see attached file).
>
>
> Good luck to you, but this has been done to death a couple of times before
> and the consensus is that this isn't going to happen.
>
> You're not adding much if any security (an attacker can just try *all* the
> exploits they have) and increasing the chances of interoperability
> problems.
>
> See http://bugzilla.mindrot.org/show_bug.cgi?id=94
>
>
> >The patch introduces the new parameter "WelcomeFile" to the
> >configuration file. Only if this parameter points to a valid file,
> >openssh reads a welcome message up to 128 characters out of it and
> >displays it at the identification exchange, e.g.:
>
>
> Do you violate protocol if you have 2 newlines in those 128 characters?  Why
> not just have your string in the config file?  (It would be less code.)
>
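
The newline question raised in the quoted reply, as an added example that is not code from the attached patch or from OpenSSH: a check that administrator-supplied text is safe to place in the SSH identification line. It assumes the text is used as the softwareversion field of an "SSH-2.0-" line and applies the rules later published in RFC 4253 section 4.2; the name build_ident and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define WELCOME_MAX 128   /* limit stated in the patch description */
#define IDENT_MAX   255   /* RFC 4253 4.2: whole line, CR LF included */

/*
 * Build "SSH-2.0-<text>\r\n" from administrator-supplied text.
 * Assumption: the text is used as the softwareversion field.
 * Returns the line length, or -1 if the text must be rejected.
 */
int build_ident(const char *text, char *out, size_t outlen)
{
    size_t i, n = strlen(text);
    int len;

    if (n == 0 || n > WELCOME_MAX)
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)text[i];
        /* printable US-ASCII only; no whitespace, CR, LF or '-' */
        if (c <= 0x20 || c >= 0x7f || c == '-')
            return -1;
    }
    len = snprintf(out, outlen, "SSH-2.0-%s\r\n", text);
    if (len < 0 || (size_t)len >= outlen || len > IDENT_MAX)
        return -1;
    return len;
}

int main(void)
{
    /* constructed sample values, as they might be read from a file */
    const char *samples[] = { "Welcome", "line1\nline2", "two words", "a-b" };
    char line[IDENT_MAX + 1];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: %s\n", i,
            build_ident(samples[i], line, sizeof(line)) > 0 ? "accepted" : "rejected");
    return 0;
}
```

A peer reads the identification line up to the first CR LF, so text containing an embedded newline would end the line early; rejecting it before it is sent avoids the interoperability problem the reply mentions.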




More information about the openssh-unix-dev mailing list