
Re: Someone scanned my ssh daemon

Mark Devin <mdevin@ozemail.com.au> writes:

> On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote:
>> ServerTokens ProductOnly
>> ServerSignature Off
> I was going to say exactly this earlier in the thread.  I put this in my
> Apache config quite some time ago when I realised I could.  There should
> be something similar in the sshd_config in my opinion.
> Of the information spat out from my ssh daemon:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> I believe that clients need only the "SSH-2.0" part.

Technically yes, but OpenSSH does use the OpenSSH part of the version
string to enable some OpenSSH-specific things.  Also, if you're in an
environment with a security team that has the power to shut off your
port, the Debian part of the version string is very handy.  It clues
the security people into the fact that you're running a version of ssh
with security patches backported and aren't vulnerable to the known
exploits against OpenSSH 3.4 and the like.

Still, the Debian part of the version string should be user-customizable.

Ted Cabeen
Systems/Network Administrator
Impulse Internet Services
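
The banner quoted above has three parts, and the thread's argument is about which of them a peer actually uses. The following is an added example (my code, not anything from this thread, from Debian, or from OpenSSH) that splits an SSH identification string the way the SSH transport layer defines it (RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF), grabs one from a live server, and shows the mechanism Ted refers to: OpenSSH matches the peer's softwareversion against a first-match-wins glob table to switch compatibility behaviour on. The sample banner is the one from the thread; the compatibility table's patterns and flag names are illustrative placeholders for this example, not entries copied from OpenSSH's compat.c.

```python
import fnmatch
import re
import socket

# Constructed sample input: the banner exactly as quoted in the thread.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1\r\n"

# RFC 4253 4.2: "SSH-" protoversion "-" softwareversion [SP comments] CR LF.
# The RFC forbids whitespace and '-' in protoversion and softwareversion;
# real servers do put '-' in softwareversion (e.g. "Cisco-1.25"), so the
# software field accepts any non-whitespace and only the comment is split
# on the first space.
_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^\s-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_banner(line: bytes) -> dict:
    """Split an identification string into proto, software and comments.

    'comments' is None when the server sent none.  Raises ValueError for
    anything that is not an identification string.
    """
    text = line.rstrip(b"\r\n").decode("ascii")  # RFC 4253: US-ASCII only
    m = _BANNER_RE.match(text)
    if m is None:
        raise ValueError(f"not an SSH identification string: {text!r}")
    return m.groupdict()


def grab_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Connect and return the server's identification line (live network use).

    The server may send arbitrary lines before the identification string;
    per RFC 4253 they must not start with "SSH-", so those are skipped.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        while True:
            line = reader.readline()
            if not line:
                raise ConnectionError("peer closed before sending a banner")
            if line.startswith(b"SSH-"):
                return line


# Illustrative first-match-wins table in the style of OpenSSH's compat.c.
# Patterns and flag names are made up for this example (assumption), but
# the shape is the point: only the softwareversion field is consulted, the
# comment ("Debian 1:3.4p1-1") never is.
_COMPAT_TABLE = [
    ("OpenSSH_2.*",        {"old-sessionid", "no-rekey"}),
    ("OpenSSH_3.[0-3]*",   {"no-rekey"}),
    ("OpenSSH*",           set()),   # newer OpenSSH: no workarounds needed
]


def compat_flags(software: str) -> set:
    """Return the workaround flags a peer would enable for this softwareversion."""
    for pattern, flags in _COMPAT_TABLE:
        if fnmatch.fnmatchcase(software, pattern):
            return set(flags)
    return set()   # unknown implementation: no special handling


def banner_report(line: bytes) -> dict:
    """What a peer needs from a banner versus what the banner additionally reveals."""
    fields = parse_banner(line)
    return {
        "protocol_needed_by_any_client": fields["proto"],
        "software_used_for_compat": fields["software"],
        "compat_flags": compat_flags(fields["software"]),
        "extra_disclosure": fields["comments"],
    }


if __name__ == "__main__":
    print(banner_report(SAMPLE_BANNER))
```

Run it against a real host with `banner_report(grab_banner("host"))`; the comment field is the only part nothing in the protocol consumes, which is exactly the part Ted wants to be configurable. Later OpenSSH releases did add a `VersionAddendum` option to sshd_config that appends operator-chosen text after the softwareversion.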
