Another reason why this may be useful is prevention of fingerprinting of OpenSSH client by the server or an outside observer. On Wed, Feb 20, 2019 at 10:06 AM Loganaden Velvindron <loganaden@xxxxxxxxx> wrote: > > Also, a lot of measurement/research on deployment of OpenSSH rely on > version advertising for their statistics. It's going to be harder to know > impact of deprecation of certain legacy features without statistics. > > I also agree with Mark here. > > > > On Wed, Feb 20, 2019 at 10:57 AM Mark D. Baushke <mdb@xxxxxxxxxxx> wrote: > > > Nagesh writes: > > > > > Cyber security team has recommended to disable the OpenSSH software > > > version advertising when the connection has been established. > > > > With respect, your cyber security team are foolish if they think that > > obscurity of version will stop any bad actors from attempting to break > > into OpenSSH in any way possible. The only folks hurt by supressing the > > version advertising are the other implementations of the Secure Shell. > > > > Please DO NOT allow the supression of the OpenSSH version number. > > > > There are too just many cases where both OpenSSH interoperating with > > itself as well as other SSH implementations have needed this version > > number to properly deal with bugs in the code via negitations. > > > > This bug should be closed with WONTFIX. > > > > Thank you, > > -- Mark > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev@xxxxxxxxxxx > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev