
Bug#774410: allow for the package-specific version banner to be suppressed for ssh client



On 02.01.2015 13:23, Colin Watson wrote:
> Control: merge 774410 774411
> 
> On Fri, Jan 02, 2015 at 11:14:21AM +0100, Fedor Brunner wrote:
>> it should be possible to suppress the exact package version of
>> openssh that is reported during the initial protocol handshake
>> also for ssh client.
> 
> This sort of patch carries an ongoing maintenance burden (and not an
> entirely trivial one; patches to the configuration-reading code normally
> conflict and require manual resolution when upgrading to new upstream
> versions), so you're going to have to make the case for why it's
> important in practice to conceal the client version.  While I'm not
> wholly convinced that concealing the server version is interesting or
> valuable, surely vulnerabilities in that direction are orders of
> magnitude more common.
> 

I understand that there is a maintenance burden with each piece of
configuration-reading code, but this burden is already there for
DebianBanner in sshd_config.

The main use case for this switch is a user who wants to protect his
privacy and doesn't want to tell with each SSH connection which Debian (or
Debian derivative) he is using.
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1195342/

