openssh unix dev - May 2021 - [SUSPECTED SPAM] Filtering incoming connections on the basis of the ID string

I would be interested to filter incoming connections depending on the exact
nature of the ID string supplied by the customer.  RFC 4253 specifies that
that ID string should conform to the following structure:

      SSH-protoversion-softwareversion SP comments CR LF

I would like to be able to selectively allow incoming connections to
proceed (or terminate them there and then) when the value of
softwareversion (or even comments) matches some predetermined pattern. Is
this something that OpenSSH servers can do?

On Sun, 30 May 2021, Luveh Keraph wrote:
> I would be interested to filter incoming connections depending on the exact
> nature of the ID string supplied by the customer.  RFC 4253 specifies that
> that ID string should conform to the following structure:
> 
>       SSH-protoversion-softwareversion SP comments CR LF
> 
> I would like to be able to selectively allow incoming connections to
> proceed (or terminate them there and then) when the value of
> softwareversion (or even comments) matches some predetermined pattern. Is
> this something that OpenSSH servers can do?
No, but it probably wouldn't be too hard to implement a "Match
clientversion"

What would be the purpose of this filtering? If you're considering it to
block password guessers, and such filtering becomes popular, then they
are highly likely to change their version strings.

IMO it's generally better to disallow password authentication, except from
trusted sources.

-d