[Bug 2971] New: Prevent OpenSSH from advertising its version number
Gert Doering
gert at greenie.muc.de
Wed Feb 20 22:17:58 AEDT 2019
Hi,
On Wed, Feb 20, 2019 at 10:59:19AM +0000, Jochen Bern wrote:
> FWIW, and without dismissing the possibility of fingerprinting a server
> in other ways, the fact that clients that *can* pass authentication have
> a need to know the server's version number (and vice versa) does not
> necessarily imply that that information needs to be passed in the
> *public* part of the protocol ...
You missed the parts about "working around implementation kinks that
the clients can know by looking at the version string".
Like, "if we send <this> key exchange now, the connection will be lost".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3614 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190220/540c8e71/attachment.bin>
More information about the openssh-unix-dev
mailing list