
Bug#774410: allow for the package-specific version banner to be suppressed for ssh client



Control: merge 774410 774411

On Fri, Jan 02, 2015 at 11:14:21AM +0100, Fedor Brunner wrote:
> it should be possible to suppress the exact package version of
> openssh that is reported during the initial protocol handshake
> also for ssh client.

This sort of patch carries an ongoing maintenance burden (and not an
entirely trivial one; patches to the configuration-reading code normally
conflict and require manual resolution when upgrading to new upstream
versions), so you're going to have to make the case for why it's
important in practice to conceal the client version.  While I'm not
wholly convinced that concealing the server version is interesting or
valuable, surely vulnerabilities in that direction are orders of
magnitude more common.

-- 
Colin Watson                                       [cjwatson@debian.org]

