From: itojun@iijlab.net
To: Kris Kennaway
Cc: Shoichi Sakane, freebsd-security@FreeBSD.ORG, markus@OpenBSD.org
Subject: Re: Reporting OpenSSH version (Re: What's vunerable?)
Date: Tue, 20 Mar 2001 05:16:27 +0900
Message-ID: <9942.985032987@coconut.itojun.org>
In-reply-to: kris's message of Mon, 19 Mar 2001 10:43:43 PST. <20010319104343.A3941@xor.obsecurity.org>

>> I compiled and installed 2.2.0 'port revision' 2, and I connected
>> to the ssh port number 22 on localhost. the sshd said,
>>
>> shoichi:~] telnet localhost 22
>> Trying ::1...
>> Connected to localhost.
>> Escape character is '^]'.
>> SSH-1.99-OpenSSH_2.2.0
>>
>> I just thought the version was vulnerable. So I think the version
>> should be "SSH-1.99-OpenSSH_2.2.0-port_revision_2"
>
>You're probably right - something along these lines should be done to
>distinguish the version reported by scanners like scanssh. I'd prefer
>SSH-1.99-OpenSSH_2.2.0_2 myself to be consistent with the naming of
>the port itself, but I'm not sure if this is allowable syntax.
>Markus, can you comment?

never play with openssh version number. the version number string is
used as protocol backward compatibility handling. if you import 2.5.1,
report that it is 2.5.1.

the only way we are allowed to add extra thing is to add it after
a space - like

    SSH-1.99-OpenSSH_2.5.1 foo bar baz

see NetBSD src/crypto/dist/ssh/version.h.

itojun
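Added example, not part of the original message and not OpenSSH code: a small Python parser showing why the three banner variants discussed in this thread behave differently for a peer that keys its compatibility handling on the software version. It assumes the identification-line layout later standardised in RFC 4253 (software version without spaces or '-', optional comments after one space); the compatibility table and the workaround name are constructed for illustration.

```python
import fnmatch
import re

# Assumed layout: SSH-<protoversion>-<softwareversion>[ SP <comments>]
# Software version: printable ASCII except space and '-'.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-([!-,.-~]+)(?: (.*))?$")

# Constructed, hypothetical compatibility table (not OpenSSH's real one):
# glob pattern on the software version -> workarounds the peer enables.
COMPAT_TABLE = [
    ("OpenSSH_2.2.0", {"legacy_kex_workaround"}),
    ("OpenSSH_2.5*", set()),
]


def parse_banner(line):
    """Split an identification line into (proto, software, comments)."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None  # malformed: e.g. a '-' inside the software version
    return m.group(1), m.group(2), m.group(3) or ""


def peer_workarounds(line):
    """Workaround set a peer would select, or None if nothing matches."""
    parsed = parse_banner(line)
    if parsed is None:
        return None
    _, software, _ = parsed  # comments never take part in matching
    for pattern, quirks in COMPAT_TABLE:
        if fnmatch.fnmatchcase(software, pattern):
            return quirks
    return None


if __name__ == "__main__":
    # Constructed sample banners based on the strings quoted in the thread.
    samples = [
        "SSH-1.99-OpenSSH_2.2.0",                  # unmodified
        "SSH-1.99-OpenSSH_2.2.0 port_revision_2",  # extra data after a space
        "SSH-1.99-OpenSSH_2.2.0_2",                # suffix changes the token
        "SSH-1.99-OpenSSH_2.2.0-port_revision_2",  # '-' breaks the layout
        "SSH-1.99-OpenSSH_2.5.1 foo bar baz",
    ]
    for banner in samples:
        print(f"{banner!r:45} parsed={parse_banner(banner)} "
              f"workarounds={peer_workarounds(banner)}")
```

Only the variant that puts the port revision after a space keeps both the parse and the compatibility match intact, while still giving a scanner a field to read the revision from.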