Re: [Bug 2971] New: Prevent OpenSSH from advertising its version number

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Nagesh writes:

> Cyber security team has recommended to disable the OpenSSH software
> version advertising when the connection has been established.

With respect, your cyber security team are foolish if they think that
obscurity of version will stop any bad actors from attempting to break
into OpenSSH in any way possible. The only folks hurt by supressing the
version advertising are the other implementations of the Secure Shell.

Please DO NOT allow the supression of the OpenSSH version number.

There are too just many cases where both OpenSSH interoperating with
itself as well as other SSH implementations have needed this version
number to properly deal with bugs in the code via negitations.

This bug should be closed with WONTFIX.

       Thank you,
	-- Mark
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux