Removing SSH type/version broadcast
Many vulnerablity scans and "secure/harden your server" tutorials recommend removing the type and version messages from the login/connect of common services to make it more difficult for hackers to know the contents of the server. Other posts have info on how to remove this for Apache, Exim and Bind, but I have not found anyplace to remove it for OpenSSH. Does anyone know how to prevent OpenSSH from indicating:
SSH-1.99-OpenSSH_3.6.1p2
and replacing with something like:
SSH
I'm not aware of a way. You'll probably have to go and have a trawl through the openssh documentation on their site.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
something similar is discussed at :
http://lists.debian.org/debian-secur.../msg00062.html
You might want to have a look.
Shashank Wagh.
Systems Administrator.
http://www.shashank.net
Thanks for the info.
The debian thread was interesting and I might have agreed with it back in 2002 when it looks like a lot of it was posted. Unfortunately, many of our clients are now being forced into using vulnerablity scanning services by the credit card industry and the last 4 services I have seen report the boradcast of OpenSSH type and version as a lower level vulnerablity that should be removed.
Since it does not appear that OpenSSH shares this view, we'll stop looking for a way to remove it for now.
Thanks again!
You are welcome :-)
Shashank Wagh.
Systems Administrator.
http://www.shashank.net
LinkBack URL
About LinkBacks
Reply With Quote