On 2019/02/20 10:59, Jochen Bern wrote: > On 02/20/2019 07:51 AM, Mark D. Baushke wrote: > > There are too just many cases where both OpenSSH interoperating with > > itself as well as other SSH implementations have needed this version > > number to properly deal with bugs in the code via negitations. > > FWIW, and without dismissing the possibility of fingerprinting a server > in other ways, the fact that clients that *can* pass authentication have > a need to know the server's version number (and vice versa) does not > necessarily imply that that information needs to be passed in the > *public* part of the protocol ... Some of the compat code is pre-authentication. It is required to have the version number early. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev