[Bug 2971] New: Prevent OpenSSH from advertising its version number
Michael Stone
mstone at cs.loyola.edu
Fri Feb 22 04:26:51 AEDT 2019
On Wed, Feb 20, 2019 at 09:56:02PM +1030, David Newall wrote:
>I'm surprised by how many otherwise sensible and clueful people think
>that security through obscurity is a good idea. Hiding the version
>number will not prevent adversaries from discovering the version
>number.
IME, it's more common for exploits to just throw stuff against a wall
and not care much about the version at all. Basically, hiding the
version number mostly causes problems only for legitimate uses.
More information about the openssh-unix-dev
mailing list