Mailing List Archive

Reacting to / Logging the peer's Version String?
Hello everyone,

I seem to remember that, quite some while back, there were provisions in
OpenSSH to look at the version string in the peer's hello and activate
compatibility options for peer software that needed them.

Now, with CVE-2024-31497, I would like to have a look at the version
strings of clients and servers other organizations use to exchange data
with us; I remember occasionally seeing references in their hellos that
their dedicated file transfer software was supposedly based on a PuTTY
*library*.

Apart from using tcpdump or cranking the log level *way* up, would it be
possible to configure OpenSSH to extract *that* information
specifically, a la

Match PeerVersion "*putty*"
Log "PuTTY-using peer found!"
Banner /etc/ssh/you_want_to_have_a_look_at_this_cve.txt

?

Kind regards and thanks in advance,
--
Jochen Bern
Systems Engineer

Binect GmbH
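
One way to get this from logs today, as an added example that is not part of the original post or of OpenSSH: scan sshd output written at LogLevel DEBUG1, pair each "Remote protocol version" line with the "Connection from" line of the same process, and report the peers whose version string matches a glob. The message formats are assumed from OpenSSH's debug output, `peers_matching` is a hypothetical helper, and the log lines are constructed samples.

```python
import fnmatch
import re
from collections import defaultdict

# Constructed sample of sshd syslog output at LogLevel DEBUG1 (format assumed).
SAMPLE_LOG = """\
Apr 20 10:00:01 gw sshd[4101]: Connection from 192.0.2.10 port 50122 on 198.51.100.5 port 22 rdomain ""
Apr 20 10:00:01 gw sshd[4101]: debug1: Remote protocol version 2.0, remote software version PuTTY_Release_0.80
Apr 20 10:00:07 gw sshd[4102]: Connection from 192.0.2.44 port 41877 on 198.51.100.5 port 22 rdomain ""
Apr 20 10:00:07 gw sshd[4102]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
Apr 20 10:00:09 gw sshd[4103]: Connection from 192.0.2.77 port 60001 on 198.51.100.5 port 22 rdomain ""
Apr 20 10:00:09 gw sshd[4103]: debug1: Remote protocol version 2.0, remote software version ExampleXfer_3.1 (based on PuTTY library)
"""

# "sshd-session" is the per-connection process name in newer OpenSSH releases.
PID_RE = re.compile(r"sshd(?:-session)?\[(\d+)\]: (?:debug1: )?(.*)$")
CONN_RE = re.compile(r"Connection from (\S+) port \d+")
VER_RE = re.compile(r"Remote protocol version [\d.]+, remote software version (.+)$")


def peers_matching(log_text, pattern="*putty*"):
    """Return {peer_ip: sorted version strings} for versions matching the glob.

    The version string is supplied by the peer and can be changed or spoofed,
    so a missing match does not prove the peer is free of PuTTY code.
    """
    ip_by_pid = {}            # sshd PID -> peer address of that connection
    hits = defaultdict(set)   # peer address -> matching version strings
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        conn = CONN_RE.match(msg)
        if conn:
            ip_by_pid[pid] = conn.group(1)
            continue
        ver = VER_RE.match(msg)
        if ver:
            version = ver.group(1).strip()
            # Lower-case both sides so the glob is case-insensitive everywhere.
            if fnmatch.fnmatch(version.lower(), pattern.lower()):
                hits[ip_by_pid.get(pid, "unknown")].add(version)
    return {ip: sorted(v) for ip, v in hits.items()}


if __name__ == "__main__":
    for ip, versions in sorted(peers_matching(SAMPLE_LOG).items()):
        print(ip, "; ".join(versions))
```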