Re: [SUSPECTED SPAM] Filtering incoming connections on the basis of the ID string

On Sun, 30 May 2021, Luveh Keraph wrote:

> I would be interested to filter incoming connections depending on the exact
> nature of the ID string supplied by the customer.  RFC 4253 specifies that
> that ID string should conform to the following structure:
> 
>       SSH-protoversion-softwareversion SP comments CR LF
> 
> I would like to be able to selectively allow incoming connections to
> proceed (or terminate them there and then) when the value of
> softwareversion (or even comments) matches some predetermined pattern. Is
> this something that OpenSSH servers can do?

No, but it probably wouldn't be too hard to implement a "Match clientversion".

What would be the purpose of this filtering? If you're considering it to
block password guessers, and such filtering becomes popular, then they
are highly likely to change their version strings.

IMO it's generally better to disallow password authentication, except from
trusted sources.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
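
Added example, not part of the original message or of OpenSSH: a Python parser for the RFC 4253 identification string quoted above, applied to constructed sample lines as one might when reviewing logged client banners. The function names, deny pattern and sample strings are assumptions; the last sample shows the reply's point that a client can simply present a different string.

```python
import re
from fnmatch import fnmatchcase
from typing import NamedTuple, Optional

MAX_ID_LEN = 255  # RFC 4253 section 4.2: maximum length, CR LF included

# protoversion / softwareversion: printable US-ASCII except whitespace and '-'.
# Assumptions of this example: comments limited to printable US-ASCII, and a
# strict CR LF terminator (a bare LF is rejected).
_ID_RE = re.compile(
    rb"SSH-([\x21-\x2c\x2e-\x7e]+)-([\x21-\x2c\x2e-\x7e]+)(?: ([\x20-\x7e]*))?\r\n"
)

class ClientId(NamedTuple):
    protoversion: str
    softwareversion: str
    comments: Optional[str]

def parse_id(line: bytes) -> Optional[ClientId]:
    """Parse one identification line; return None if it is malformed."""
    if len(line) > MAX_ID_LEN:
        return None
    m = _ID_RE.fullmatch(line)
    if m is None:
        return None
    return ClientId(*(g.decode("ascii") if g is not None else None for g in m.groups()))

def verdict(line: bytes, deny_patterns) -> str:
    """Classify a line as 'malformed', 'deny' or 'allow' by softwareversion."""
    cid = parse_id(line)
    if cid is None:
        return "malformed"
    if any(fnmatchcase(cid.softwareversion, p) for p in deny_patterns):
        return "deny"
    return "allow"

DENY = ["ExampleScanner_*"]  # hypothetical pattern
SAMPLES = [  # constructed input
    b"SSH-2.0-ExampleScanner_1.0 test build\r\n",  # matches the pattern
    b"SSH-2.0-ExampleScanner_1.0\n",               # no CR: malformed
    b"SSH-2.0-" + b"A" * 300 + b"\r\n",            # over 255 bytes: malformed
    b"SSH-2.0-OpenSSH_8.6\r\n",  # any client can send this string: allowed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{verdict(s, DENY):9} {s[:40]!r}")
```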