Hi
I'm curious if there is a gentoo way to disable my ssh daemon from
advertising the SSH version and OpenSSH version, like this:
$ telnet pizza 22
Trying 192.168.0.15...
Connected to pizza.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.9p1
^]
telnet> q
Connection closed.
Or could this removal cause havoc to my ssh/scp/sftp connectivity?
Just thinking that if I move my ssh port to be 10022 to have it in a
non-standard port, this doesn't help me at all as even script kiddies
can locate the non-standard port if they just do a wide enough port scan
and with enough patience so that port scanning isn't detected by other
active security measures.
This would at least slow down the security hole testing of the attacker
as they know that something is there, but not necessarily the version of
it. A colleague suggested to recompile my openssh after having patched
the sources for this, but I was wondering if gentoo had a solution to
this yet?
Also I couldn't see that the sshd_config would support this setting, but
if it does, please do tell me about it. ;)
-Jukka Palko
--
Jukka Palko jpalko@vapaa.fi
Postmaster jpalko@ipi.fi
Vapaa Internet Ry +358-(0)50-4876931
"Only if you want to, will you find a way..." -- Enya
--
gentoo-security@gentoo.org mailing list
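
Added example, not part of the original post: the line shown in the telnet session is the SSH identification string from the protocol version exchange (RFC 4253, section 4.2), whose form is SSH-protoversion-softwareversion, optionally followed by a space and comments. This Python parser splits a banner captured from your own daemon into those fields and flags whether the software field carries a release number. The "sshd" banner and the version heuristic are assumptions made for the example.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(
    r"SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[\x20-\x7e]*))?"
)
MAX_IDENT_LEN = 255  # RFC limit, counted with the trailing CR LF


def parse_ident(raw: bytes) -> dict:
    """Return the fields of the identification line found in raw server output."""
    # Only complete (newline-terminated) lines count; drop the unterminated tail.
    for line in raw.split(b"\n")[:-1]:
        # A server may send other lines first; those never begin with "SSH-".
        if not line.startswith(b"SSH-"):
            continue
        if len(line) + 1 > MAX_IDENT_LEN:
            raise ValueError("identification string exceeds 255 bytes")
        m = IDENT_RE.fullmatch(line.rstrip(b"\r").decode("ascii"))
        if m is None:
            raise ValueError("malformed identification string")
        fields = m.groupdict()
        # Heuristic (assumption of this example): a dotted number in the
        # software field means the banner gives away a release version.
        fields["version_disclosed"] = bool(re.search(r"\d+\.\d+", fields["software"]))
        return fields
    raise ValueError("no SSH identification line received")


if __name__ == "__main__":
    # Constructed inputs: the banner from the telnet session above, a
    # hypothetical versionless banner after a greeting line, and an empty reply.
    for sample in (b"SSH-2.0-OpenSSH_3.9p1\r\n", b"hello\r\nSSH-2.0-sshd\n", b"\r\n"):
        try:
            print(sample, "->", parse_ident(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

A reply with no identification line at all is rejected, which is the case a fully blanked banner would produce.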