Re: [Bug 2971] New: Prevent OpenSSH from advertising its version number

Another reason why this may be useful is prevention of fingerprinting
of the OpenSSH client by the server or an outside observer.

On Wed, Feb 20, 2019 at 10:06 AM Loganaden Velvindron
<loganaden@xxxxxxxxx> wrote:
>
> Also, a lot of measurement/research on deployment of OpenSSH rely on
> version advertising for their statistics. It's going to be harder to know
> impact of deprecation of certain legacy features without statistics.
>
> I also agree with Mark here.
>
>
>
> On Wed, Feb 20, 2019 at 10:57 AM Mark D. Baushke <mdb@xxxxxxxxxxx> wrote:
>
> > Nagesh writes:
> >
> > > Cyber security team has recommended to disable the OpenSSH software
> > > version advertising when the connection has been established.
> >
> > With respect, your cyber security team are foolish if they think that
> > obscurity of version will stop any bad actors from attempting to break
> > into OpenSSH in any way possible. The only folks hurt by suppressing the
> > version advertising are the other implementations of the Secure Shell.
> >
> > Please DO NOT allow the suppression of the OpenSSH version number.
> >
> > There are just too many cases where both OpenSSH interoperating with
> > itself as well as other SSH implementations have needed this version
> > number to properly deal with bugs in the code via negotiations.
> >
> > This bug should be closed with WONTFIX.
> >
> >        Thank you,
> >         -- Mark
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@xxxxxxxxxxx
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> >