Reacting to / Logging the peer's Version String?
Jochen Bern
Jochen.Bern at binect.de
Thu Apr 18 20:51:11 AEST 2024
Hello everyone,

I seem to remember that, quite some while back, there were provisions in
OpenSSH to look at the version string in the peer's hello and activate
compatibility options for peer software that needed them.

Now, with CVE-2024-31497, I would like to have a look at the version
strings of clients and servers other organizations use to exchange data
with us; I remember occasionally seeing references in their hellos that
their dedicated file transfer software was supposedly based on a PuTTY
*library*.

Apart from using tcpdump or cranking the log level *way* up, would it be
possible to configure OpenSSH to extract *that* information
specifically, a la

    Match PeerVersion "*putty*"
        Log "PuTTY-using peer found!"
        Banner /etc/ssh/you_want_to_have_a_look_at_this_cve.txt

?

Kind regards and thanks in advance,
--
Jochen Bern
Systemingenieur
Binect GmbH
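
Added example (not part of the original post and not OpenSSH code): a log filter that applies the same case-insensitive glob as the hypothetical Match PeerVersion line to version strings sshd writes at LogLevel DEBUG1, and pairs each hit with the source address logged under the same PID. The log line wording is an assumption that varies between OpenSSH releases; the sample log, host name, addresses and the "ExampleXfer" product are constructed. parse_ident() handles a raw RFC 4253 identification string, e.g. one taken from a packet capture.

```python
import fnmatch
import re

# Constructed sshd log excerpt (LogLevel DEBUG1); addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 18 10:00:01 gw sshd[4101]: Connection from 192.0.2.10 port 50022 on 198.51.100.5 port 22
Apr 18 10:00:01 gw sshd[4101]: debug1: Remote protocol version 2.0, remote software version PuTTY_Release_0.80
Apr 18 10:00:07 gw sshd[4102]: Connection from 192.0.2.44 port 41876 on 198.51.100.5 port 22
Apr 18 10:00:07 gw sshd[4102]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
Apr 18 10:00:09 gw sshd[4103]: Connection from 192.0.2.77 port 60311 on 198.51.100.5 port 22
Apr 18 10:00:09 gw sshd[4103]: debug1: Remote protocol version 2.0, remote software version ExampleXfer_1.0 (based on PuTTY library)
"""

# Assumed message formats; older releases say "Client ...; client software version".
CONN_RE = re.compile(r"sshd\[(\d+)\]: Connection from (\S+) port \d+")
VERS_RE = re.compile(r"sshd\[(\d+)\]: debug1: (?:Remote|Client) protocol version [\d.]+"
                     r"[,;] (?:remote|client) software version (.+)$")
# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT_RE = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")


def parse_ident(line):
    """Split a raw identification string into (proto, software, comments), or None."""
    line = line.rstrip("\r\n")
    # RFC 4253 caps the string at 255 bytes including CR LF.
    m = IDENT_RE.match(line) if len(line) <= 253 else None
    return (m.group(1), m.group(2), m.group(3) or "") if m else None


def version_matches(version, pattern="*putty*"):
    """Case-insensitive glob match, like the hypothetical Match PeerVersion line."""
    return fnmatch.fnmatchcase(version.lower(), pattern.lower())


def flag_peers(log_text, pattern="*putty*"):
    """Return (source address, version string) for every peer matching the pattern."""
    source_by_pid, hits = {}, []
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            source_by_pid[m.group(1)] = m.group(2)  # newest connection wins on PID reuse
        elif m := VERS_RE.search(line):
            pid, version = m.groups()
            if version_matches(version, pattern):
                hits.append((source_by_pid.get(pid, "unknown"), version.strip()))
    return hits


if __name__ == "__main__":
    for source, version in flag_peers(SAMPLE_LOG):
        print(f"PuTTY-using peer found: {source} sent {version!r}")
```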