[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security

Previously Matthew Vernon wrote:
> retitle 130876 Sending server software version information should be optional

I'm not sure I agree with that: that easily leads to the configurable
version response option that was discussed on openssh-dev recently where
it was concluded that is not a good idea.

Wichert.

-- 
  _________________________________________________________________
 /wichert@wiggy.net         This space intentionally left occupied \
| wichert@deephackmode.org            http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
Reply to: