Re: Re: [Bug 2971] New: Prevent OpenSSH from advertising its version number

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 02/20/2019 07:51 AM, Mark D. Baushke wrote:
> There are too just many cases where both OpenSSH interoperating with
> itself as well as other SSH implementations have needed this version
> number to properly deal with bugs in the code via negitations.

FWIW, and without dismissing the possibility of fingerprinting a server
in other ways, the fact that clients that *can* pass authentication have
a need to know the server's version number (and vice versa) does not
necessarily imply that that information needs to be passed in the
*public* part of the protocol ...

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux