Removing SSH type/version broadcast

Discussion in 'General Discussion' started by FreedomNet, Aug 10, 2005.

  1. FreedomNet

    FreedomNet Active Member

    Joined:
    Mar 29, 2004
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    156
    Many vulnerability scans and "secure/harden your server" tutorials recommend removing the type and version messages from the login/connect of common services to make it more difficult for hackers to know the contents of the server. Other posts have info on how to remove this for Apache, Exim and Bind, but I have not found anyplace to remove it for OpenSSH. Does anyone know how to prevent OpenSSH from indicating:
    SSH-1.99-OpenSSH_3.6.1p2
    and replacing with something like:
    SSH
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I'm not aware of a way. You'll probably have to go and have a trawl through the openssh documentation on their site.
     
  3. shashank

    shashank Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    159
    Likes Received:
    1
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
  4. FreedomNet

    FreedomNet Active Member

    Joined:
    Mar 29, 2004
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    156
    Thanks for the info.

    The Debian thread was interesting and I might have agreed with it back in 2002 when it looks like a lot of it was posted. Unfortunately, many of our clients are now being forced into using vulnerability scanning services by the credit card industry and the last 4 services I have seen report the broadcast of OpenSSH type and version as a lower level vulnerability that should be removed.

    Since it does not appear that OpenSSH shares this view, we'll stop looking for a way to remove it for now.

    Thanks again!
     
  5. shashank

    shashank Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    159
    Likes Received:
    1
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    You are welcome :)
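
Added example (not part of the original thread, and not cPanel or OpenSSH code): the banner discussed above is the SSH identification string, which RFC 4253 section 4.2 requires in the form `SSH-protoversion-softwareversion SP comments CR LF`, so a bare `SSH` is not a valid replacement. The sketch below parses a banner into those fields and lists what it reveals, including that `1.99` signals protocol 1 compatibility (RFC 4253 section 5.1); the function names and the second sample banner are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 format: SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<version>\d+(?:\.\d+)+)(?P<portable>p\d+)?")


def parse_ident(line):
    """Split an SSH identification string into its RFC 4253 fields."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not a valid SSH identification string: %r" % line)
    return m.groupdict()


def audit_ident(line):
    """Return (fields, findings) for one banner line."""
    fields = parse_ident(line)
    findings = []
    if fields["proto"] == "1.99":
        # RFC 4253 section 5.1: 1.99 = protocol 2 plus protocol 1 compatibility.
        findings.append("legacy SSH protocol 1 is still accepted")
    elif fields["proto"] != "2.0":
        findings.append("unexpected protocol version " + fields["proto"])
    m = OPENSSH_RE.match(fields["software"])
    if m:
        fields["openssh_version"] = m.group("version")
        fields["portable"] = m.group("portable")
        findings.append("discloses OpenSSH " + m.group("version"))
    if fields["comments"]:
        findings.append("comment field discloses: " + fields["comments"])
    return fields, findings


if __name__ == "__main__":
    # First banner is the one quoted in the thread; the second is constructed;
    # the third is the replacement the thread asks for, which the format rejects.
    samples = ("SSH-1.99-OpenSSH_3.6.1p2\r\n",
               "SSH-2.0-OpenSSH_9.6 build-host-01\r\n",
               "SSH\r\n")
    for banner in samples:
        try:
            print(banner.strip(), "->", audit_ident(banner)[1])
        except ValueError as exc:
            print("rejected:", exc)
```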
     