ssh(d) identification string in portable (clarification)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Aug 9 07:21:55 AEST 2016
On Mon 2016-08-08 03:24:36 -0400, Jakub Jelen wrote:
> We got a report , that we miss "p1" suffix in the sshd identification
> strings in Fedora. I dig in and found out that it is also missing from
> portable usptream since 2004, when you were rewriting version.h header
> file with this information.
> Debian somehow patched this information back during the time in some
> places (ssh_api.c is missing).
this is arguably a (very old) bug in debian:
> It does not look like intention to remove the release version
> information . Can you clarify?
>  https://bugzilla.redhat.com/show_bug.cgi?id=1364595
>  https://github.com/openssh/openssh-portable/commit/2aa6d3cf
The synopsis of that changeset comment (by Damien Miller) is:
Don't divulge portable version in protocol
That seems like a pretty clear intent. (and fwiw, i think it's the
right thing to do)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 930 bytes
Desc: not available
More information about the openssh-unix-dev