Reacting to / Logging the peer's Version String?

Jochen Bern Jochen.Bern at binect.de
Thu Apr 18 20:51:11 AEST 2024


Hello everyone,

I seem to remember that, quite some while back, there were provisions in 
OpenSSH to look at the version string in the peer's hello and activate 
compatibility options for peer software that needed them.

Now, with CVE-2024-31497, I would like to have a look at the version 
strings of clients and servers other organizations use to exchange data 
with us; I remember occasionally seeing references in their hellos that 
their dedicated file transfer software was supposedly based on a PuTTY 
*library*.

Apart from using tcpdump or cranking the log level *way* up, would it be 
possible to configure OpenSSH to extract *that* information 
specifically, a la

Match PeerVersion "*putty*"
	Log "PuTTY-using peer found!"
	Banner /etc/ssh/you_want_to_have_a_look_at_this_cve.txt

?

Kind regards and thanks in advance,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
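As an added illustration (not from the post and not OpenSSH's own code), a small Python parser for the RFC 4253 identification line that applies a glob match of the kind the hypothetical `Match PeerVersion "*putty*"` would need, run over constructed sample hellos such as one might copy out of a tcpdump capture:

```python
import re
import fnmatch
from typing import Optional

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF",
# at most 255 bytes including CR LF. Lines that do not start with "SSH-"
# (for example a pre-identification banner) are not identification strings.
_IDENT_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?$"
)

def parse_ident(line: str) -> Optional[dict]:
    """Split one identification line into its fields; None if it is not one."""
    if len(line) > 255:
        return None
    m = _IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return {
        "proto": m.group("proto"),
        "software": m.group("software"),
        "comments": m.group("comments") or "",
    }

def peer_version_matches(line: str, pattern: str) -> bool:
    """Case-insensitive glob match over software version plus comments,
    since a PuTTY-derived library may only be named in the comments field."""
    ident = parse_ident(line)
    if ident is None:
        return False
    haystack = (ident["software"] + " " + ident["comments"]).lower()
    return fnmatch.fnmatchcase(haystack, pattern.lower())

def flag_peers(lines, pattern: str):
    """Return the software version of every hello that matches `pattern`."""
    return [parse_ident(l)["software"] for l in lines if peer_version_matches(l, pattern)]

# Constructed sample hellos (not captured from real peers).
SAMPLE_HELLOS = [
    "SSH-2.0-OpenSSH_9.6\r\n",
    "SSH-2.0-PuTTY_Release_0.80\r\n",
    "SSH-2.0-AcmeXfer_3.1 built on a PuTTY-derived library\r\n",
    "SSH-1.99-Cisco-1.25\r\n",
    "Welcome, please read the AUP before logging in\r\n",  # pre-ident banner
]

if __name__ == "__main__":
    for sw in flag_peers(SAMPLE_HELLOS, "*putty*"):
        print("PuTTY-using peer found:", sw)
```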