bugzilla-daemon at mindrot.org
2023-Jul-07 09:51 UTC
[Bug 3587] New: Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
Bug ID: 3587
Summary: Would OpenSSH consider adding a switch to hide the
specific OpenSSH version number?
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
Although I know that the sshv2 protocol, RFC 4253, describes Protocol
Version Exchange, I would like to ask if openssh will consider adding a
new switch to allow customers to choose to hide the specific version
number of openssh or delete the specific version number in debug logs
during version exchange.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jul-08 05:39 UTC
[Bug 3587] Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
what would this achieve?
bugzilla-daemon at mindrot.org
2023-Jul-11 08:33 UTC
[Bug 3587] Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
--- Comment #2 from renmingshuai <rmsh1216 at 163.com> ---
Some scanning software determines whether OpenSSH has certain
vulnerabilities based on the specific version number, even if the
vulnerabilities have been fixed through patches. Hiding specific version
numbers can be scanned through these.
bugzilla-daemon at mindrot.org
2023-Jul-11 10:49 UTC
[Bug 3587] Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
placating incorrect reports from naive scanning software isn't a good
reason to break an important compatibility feature, sorry. I suggest
using the existing VersionAddendum option to signal patching status.
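An added example, not part of the thread and not OpenSSH or scanner code: a sketch of how a scanner or triage script could read the RFC 4253 identification string so that text appended with VersionAddendum (the comments field) is taken into account, and a bare version match is reported as unconfirmed. The function names, the addendum tag `ExampleOrg-patched-2023-07` and the fixed-in version `(9, 3)` are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# Both version fields are printable US-ASCII without whitespace or '-'.
_FIELD = r"[\x21-\x2c\x2e-\x7e]+"
_IDENT = re.compile(rf"SSH-(?P<proto>{_FIELD})-(?P<software>{_FIELD})(?: (?P<comments>.*))?")
_OPENSSH = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p\d+)?")

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "SSH-2.0-OpenSSH_8.9p1\r\n",
    "SSH-2.0-OpenSSH_8.9p1 ExampleOrg-patched-2023-07\r\n",
    "SSH-2.0-OpenSSH_9.3\r\n",
    "SSH-2.0-dropbear_2022.83\r\n",
]


def parse_ident(line):
    """Return (proto, software, comments), or None if the line is malformed."""
    if len(line) > 255:  # RFC 4253 length limit, CR LF included
        return None
    m = _IDENT.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None
    return m.group("proto"), m.group("software"), m.group("comments") or ""


def triage(line, fixed_in):
    """Classify a banner against an advisory fixed upstream in `fixed_in` (major, minor)."""
    ident = parse_ident(line)
    if ident is None:
        return "malformed"
    _, software, comments = ident
    m = _OPENSSH.fullmatch(software)
    if m is None:
        return "not-openssh"
    if (int(m.group(1)), int(m.group(2))) >= fixed_in:
        return "upstream-fixed"
    if comments:
        # A vendor or site tag is present: look up that build's patch record
        # instead of reporting on the upstream version number alone.
        return "check-vendor-build:" + comments
    # Nothing but the version to go on: a candidate finding, not a confirmed one.
    return "version-match-unconfirmed"


if __name__ == "__main__":
    for banner in SAMPLES:
        print(repr(banner), "->", triage(banner, (9, 3)))
```

The addendum is only a claim made by the server, so the `check-vendor-build` result is a pointer to the package or patch record to verify, not proof of patching.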