
Bug#774410: allow for the package-specific version banner to be suppressed for ssh client



Package: openssh-client
Version: 1:6.7p1-3
Severity: wishlist
Tags: patch

Hi,
it should be possible to suppress the exact package version of
openssh that is reported during the initial protocol handshake
also for ssh client.

A similar bug was fixed for the SSH server:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562048

This patch adds DebianBanner option also to ssh_config. The behavior is
the same as DebianBanner in sshd_config.

Thanks,
Fedor

diff -Naur old/readconf.c new/readconf.c
--- old/readconf.c	2014-12-29 14:16:06.000000000 +0000
+++ new/readconf.c	2014-12-29 16:38:04.358747439 +0000
@@ -156,6 +156,7 @@
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 	oStreamLocalBindMask, oStreamLocalBindUnlink,
 	oProtocolKeepAlives, oSetupTimeOut,
+	oDebianBanner,
 	oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -283,6 +284,7 @@
 	{ "ignoreunknown", oIgnoreUnknown },
 	{ "protocolkeepalives", oProtocolKeepAlives },
 	{ "setuptimeout", oSetupTimeOut },
+	{ "debianbanner", oDebianBanner },
 
 	{ NULL, oBadOption }
 };
@@ -1472,6 +1474,10 @@
 		intptr = &options->fwd_opts.streamlocal_bind_unlink;
 		goto parse_flag;
 
+	case oDebianBanner:
+		intptr = &options->debian_banner;
+		goto parse_flag;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1652,6 +1658,7 @@
 	options->canonicalize_max_dots = -1;
 	options->canonicalize_fallback_local = -1;
 	options->canonicalize_hostname = -1;
+	options->debian_banner = -1;
 }
 
 /*
@@ -1840,6 +1847,8 @@
 		options->canonicalize_fallback_local = 1;
 	if (options->canonicalize_hostname == -1)
 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
+	if (options->debian_banner == -1)
+		options->debian_banner = 1;
 #define CLEAR_ON_NONE(v) \
 	do { \
 		if (option_clear_or_none(v)) { \
diff -Naur old/readconf.h new/readconf.h
--- old/readconf.h	2014-12-29 14:26:42.943868206 +0000
+++ new/readconf.h	2014-12-29 14:24:55.036930555 +0000
@@ -150,6 +150,8 @@
 	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
 
 	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
+
+	int	debian_banner;
 }       Options;
 
 #define SSH_CANONICALISE_NO	0
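Review bot: The added `debian_banner` field has no comment, unlike `ignored_unknown` just above it, and its tri-state use is not visible from the declaration. The readconf.c hunks set it to -1 in the initializer and to 1 when filling defaults, so I would write `int	debian_banner;	/* Send distribution suffix in version banner; -1 = unset */`. The struct begins outside this hunk.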
diff -Naur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5	2014-12-29 14:16:06.000000000 +0000
+++ new/ssh_config.5	2014-12-29 15:17:42.003822518 +0000
@@ -552,6 +552,11 @@
 then the backgrounded master connection will automatically terminate
 after it has remained idle (with no client connections) for the
 specified time.
+.It Cm DebianBanner
+Specifies whether the distribution-specified extra version suffix is
+included during initial protocol handshake.
+The default is
+.Dq yes .
 .It Cm DynamicForward
 Specifies that a TCP port on the local machine be forwarded
 over the secure channel, and the application
diff -Naur old/sshconnect.c new/sshconnect.c
--- old/sshconnect.c	2014-12-29 14:16:06.000000000 +0000
+++ new/sshconnect.c	2014-12-29 15:12:32.712529301 +0000
@@ -521,10 +521,12 @@
 	/* Send our own protocol version identification. */
 	if (compat20) {
 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
+		    options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM);
 	} else {
 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
-		    PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+		    PROTOCOL_MAJOR_1, minor1,
+		    options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM);
 	}
 	if (roaming_atomicio(vwrite, connection_out, client_version_string,
 	    strlen(client_version_string)) != strlen(client_version_string))
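Review bot: The expression `options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM` is repeated in both the `compat20` and the protocol 1 branch. Hoisting it into one local before the `if`, e.g. `const char *release = options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM;`, keeps the two banners from drifting apart. `SSH_RELEASE_MINIMUM` is not defined anywhere in this patch; presumably it comes from the earlier sshd-side DebianBanner change, which should be confirmed so the client builds on its own. Judging by the name, the shortened string still carries the upstream version, so the option only removes the package revision from what a peer can log or fingerprint. A short comment at this site and a sentence in ssh_config.5 should say so. The enclosing function starts and ends outside the hunk.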

