On 21.02.21 06:37, Stef Bon wrote:
> Hi,
>
> in the iptables subsystem of Linux it's possible to get the
> fingerprint of the peer OS.
> See:
>
> man iptables-extensions
> under osf
>
> If this information is available it's possible to adjust behaviour (a
> little) to meet the peer's flaws and maybe bugs. Have you ever thought
> about that?

My - admittedly first ever - thoughts on that:

-- Doesn't OpenSSH already parse the peer's Hello String for that purpose?
-- (The possibility of SSH software other than the OS default being
   installed has already been mentioned)
-- osf can also differ from defaults (own fingerprint files being loaded,
   --ttl param etc.)
-- Just because the kernel('s iptables implementation) has that info
   doesn't mean that ssh(d) can easily get it
-- Not to forget non-Linux systems ...

Regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
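Added example, not part of the message above and not OpenSSH's own code: a sketch of choosing workarounds from the peer's identification string (the "Hello String"), which names the SSH implementation directly and needs no OS fingerprint from the kernel. The line layout follows RFC 4253 section 4.2; the quirk flags, the pattern table and the function name `banner_quirks` are hypothetical.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical quirk flags for this example (not OpenSSH's names). */
#define QUIRK_NONE     0x0
#define QUIRK_OLD_KEX  0x1
#define QUIRK_NO_REKEY 0x2

/* Constructed table: software-version glob -> quirk flags. */
static const struct { const char *pat; int flags; } quirk_table[] = {
    { "ExampleSSH_1.*",  QUIRK_OLD_KEX | QUIRK_NO_REKEY },
    { "ExampleSSH_2.0*", QUIRK_NO_REKEY },
    { "OtherImpl_*",     QUIRK_OLD_KEX },
};

/*
 * Parse "SSH-protoversion-softwareversion[ SP comments] CR LF".
 * Copies the software version into sw and returns its quirk flags,
 * or -1 if the line is not a usable SSH-2 identification string.
 */
int banner_quirks(const char *line, char *sw, size_t swlen)
{
    const char *p;
    size_t n, i;

    if (strlen(line) > 255)                 /* RFC limit, CR LF included */
        return -1;
    if (strncmp(line, "SSH-2.0-", 8) != 0 && strncmp(line, "SSH-1.99-", 9) != 0)
        return -1;
    p = strchr(line + 4, '-') + 1;          /* start of softwareversion */
    n = strcspn(p, " \r\n");                /* ends at SP, CR or LF */
    if (n == 0 || n >= swlen)
        return -1;
    for (i = 0; i < n; i++)                 /* printable US-ASCII only */
        if (p[i] < 0x21 || p[i] > 0x7e)
            return -1;
    memcpy(sw, p, n);
    sw[n] = '\0';
    for (i = 0; i < sizeof(quirk_table) / sizeof(quirk_table[0]); i++)
        if (fnmatch(quirk_table[i].pat, sw, 0) == 0)
            return quirk_table[i].flags;    /* first matching pattern wins */
    return QUIRK_NONE;
}

int main(void)
{
    char sw[64];
    /* Constructed banner: the comment field may mention an OS, but the
     * match is made on the software version only. */
    int q = banner_quirks("SSH-2.0-ExampleSSH_1.4 Debian-5\r\n", sw, sizeof sw);
    printf("software=%s quirks=0x%x\n", q < 0 ? "(invalid)" : sw, q);
    return 0;
}
```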