ssh(d) identification string in portable (clarification)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 9 07:21:55 AEST 2016


On Mon 2016-08-08 03:24:36 -0400, Jakub Jelen wrote:

> We got a report [1], that we miss "p1" suffix in the sshd identification 
> strings in Fedora. I dig in and found out that it is also missing from 
> portable usptream since 2004, when you were rewriting  version.h  header 
> file with this information.
>
> Debian somehow patched this information back during the time in some 
> places (ssh_api.c is missing).

this is arguably a (very old) bug in debian:

  https://bugs.debian.org/130876
  https://bugs.debian.org/774410

> It does not look like intention to remove the release version 
> information [2]. Can you clarify?
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1364595
> [2] https://github.com/openssh/openssh-portable/commit/2aa6d3cf

The synopsis of that changeset comment (by Damien Miller) is:

    Don't divulge portable version in protocol

That seems like a pretty clear intent.  (and fwiw, i think it's the
right thing to do)

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160808/76580947/attachment-0001.bin>


More information about the openssh-unix-dev mailing list