[Bug 2971] New: Prevent OpenSSH from advertising its version number

Mark D. Baushke mdb at juniper.net
Wed Feb 20 17:51:25 AEDT 2019


Nagesh writes:

> Cyber security team has recommended to disable the OpenSSH software
> version advertising when the connection has been established.

With respect, your cyber security team are foolish if they think that
obscurity of version will stop any bad actors from attempting to break
into OpenSSH in any way possible. The only folks hurt by suppressing the
version advertising are the other implementations of the Secure Shell.

Please DO NOT allow the suppression of the OpenSSH version number.

There are just too many cases where both OpenSSH interoperating with
itself as well as other SSH implementations have needed this version
number to properly deal with bugs in the code via negotiations.

This bug should be closed with WONTFIX.

       Thank you,
	-- Mark
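
An added illustration of the version-based bug workarounds this message refers to (not part of the original post, and not OpenSSH's own code): it parses the RFC 4253 section 4.2 identification string and looks up peer workarounds by software version. The `ExampleSSH`/`OtherImpl` names, the `BUG_*` flags and the quirk table are hypothetical, constructed for the example.

```python
import re
from fnmatch import fnmatchcase

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or the minus sign.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>.*))?$"
)

# Hypothetical quirk table (constructed): comma-separated glob patterns over
# the peer's softwareversion, mapped to the workarounds to enable for it.
QUIRKS = [
    ("ExampleSSH_1.*,ExampleSSH_2.0*", {"BUG_REKEY_HANG"}),
    ("ExampleSSH_2.1*", {"BUG_SIGTYPE"}),
    ("OtherImpl_0.*", {"BUG_REKEY_HANG", "BUG_PAD_KEX"}),
]


def parse_ident(line: bytes):
    """Split a peer identification line into (proto, software, comments)."""
    if len(line) > 255:  # RFC 4253 limit, CR LF included
        raise ValueError("identification string longer than 255 bytes")
    text = line.rstrip(b"\r\n").decode("ascii")  # non-ASCII raises ValueError
    match = IDENT_RE.match(text)
    if match is None:
        raise ValueError("malformed identification string")
    return match["proto"], match["software"], match["comments"]


def quirks_for(line: bytes) -> set:
    """Return the workaround flags to apply for the peer behind this banner."""
    proto, software, _ = parse_ident(line)
    if proto not in ("2.0", "1.99"):  # 1.99 = server also speaks SSH-2
        raise ValueError("unsupported protocol version " + proto)
    flags = set()
    for patterns, bugs in QUIRKS:
        if any(fnmatchcase(software, p) for p in patterns.split(",")):
            flags |= bugs
    return flags


if __name__ == "__main__":
    # Constructed banners: a versioned peer, then the same peer with its
    # version suppressed, which matches no pattern and gets no workaround.
    for banner in (b"SSH-2.0-ExampleSSH_2.0.3\r\n", b"SSH-2.0-ExampleSSH\r\n"):
        print(banner, sorted(quirks_for(banner)))
```

With the version stripped from the banner, the lookup returns an empty set, so the peer's known bug is no longer worked around.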

