Date: Thu, 20 Feb 2020 15:19:43 -0000 (UTC) From: Christian Weisgerber <naddy@mips.inka.de> To: freebsd-questions@freebsd.org Subject: Re: tightening sshd, removing server identification banner Message-ID: <slrnr4t8sf.mkd.naddy@lorvorc.mips.inka.de> References: <CAPORhP4JmTB-Cf04Mgtae9EnHCRPe=5LHs_xtbZE%2BAPoP6pVbg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2020-02-17, David Mehler <dave.mehler@gmail.com> wrote: > I'm running FreeBSD 12.0. I'm atempting to tighten up my sshd > configuration. I've got things where I want them, except for the > connecting banner. I'm using sshaudit.com to test things and this is > what it's saying for the banner setting: > > Banner:SSH-2.0-OpenSSH_7.8 FreeBSD-20180909 > > I would rather this be set to nothing or at most very minimal. RFC4253 says the identification string MUST be SSH-protoversion-softwareversion SP comments CR LF where only "comments" is optional. I also recommend a look at src/crypto/openssh/compat.c to gain some appreciation that "softwareversion" is important. -- Christian "naddy" Weisgerber naddy@mips.inka.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnr4t8sf.mkd.naddy>