Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
Wichert Akkerman writes:
> Previously Matthew Vernon wrote:
> > retitle 130876 Sending server software version information should be optional
>
> I'm not sure I agree with that: that easily leads to the configurable
> version response option that was discussed on openssh-dev recently where
> it was concluded that is not a good idea.
I'm not sure it's a good idea either. I suspect Lazarus won't accept
the status quo, however.
Matthew
--
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org
Reply to: