https://bugzilla.mindrot.org/show_bug.cgi?id=3862
Bug ID: 3862
Summary: Hide ssh(d) version
Product: Portable OpenSSH
Version: 10.0p2
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: sshdude at proton.me
In order to make fingerprinting and attacks harder it would be nice to
have an option which removes things like the version string from the
handshake.
IIRC it is sufficient that there is an "OpenSSH" string inside. But
beyond that nothing else is required.
There are some tutorials out there that do this by recompilation or
binary patching. But a native option would be more appropriate since
this seems to be a concern for quite a few users.
--
You are receiving this mail because:
You are watching the assignee of the bug.
Darren Tucker <dtucker at dtucker.net> changed:
What        | Removed | Added
------------|---------|------------------------
CC          |         | dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
The version strings are used for compatibility to avoid bugs and/or
enable features on specific versions. See compat.c for examples in the
OpenSSH client, but also consider that similar mechanisms likely exist
in other SSH implementations.
It is our opinion that removing the version strings will cause more
problems than it solves (if, indeed, it solves any problems at all,
which we also doubt).
Damien Miller <djm at mindrot.org> changed:
What        | Removed | Added
------------|---------|------------------------
CC          |         | djm at mindrot.org
Resolution  | ---     | WONTFIX
Status      | NEW     | RESOLVED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
As Darren said, the version string is an important compatibility
mechanism.
Conversely, hiding the version string provides no security benefit.
Attackers can fingerprint implementations quite easily and attempt
attacks blindly where they can't determine the peer's version. The
effect is the same.
Hiding the version is likely to be a security *cost* as it makes
finding outdated versions in one's own infrastructure significantly
more difficult.
For these reasons we won't be implementing this.
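The cost Damien describes, that a stripped banner defeats auditing of one's own fleet, as an added example that is not code from this bug or from OpenSSH: a small Python audit that parses RFC 4253 identification strings (in the spirit of the version matching compat.c does) and reports hosts whose OpenSSH version is below a baseline. The host names, banners and the baseline version are constructed for illustration.

```python
import re

# Constructed sample banners, as an inventory scan of one's own hosts might
# record them. Host names and versions are made up for this example.
SAMPLE_BANNERS = {
    "bastion.example.internal": "SSH-2.0-OpenSSH_10.0p2\r\n",
    "build01.example.internal": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11\r\n",
    "legacy.example.internal": "SSH-2.0-OpenSSH\r\n",  # version string stripped
    "router.example.internal": "SSH-2.0-dropbear_2022.83\r\n",
}

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\r\n]+)-(?P<software>\S+)(?: (?P<comments>[^\r\n]*))?\r?\n?$"
)
# OpenSSH software versions look like OpenSSH_9.6p1; the pN portable suffix is optional.
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p(?P<portable>\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor) for an OpenSSH banner, or None when the peer is
    not OpenSSH or the banner does not carry a parseable version."""
    m = BANNER_RE.match(banner)
    if m is None:
        return None
    v = OPENSSH_RE.match(m.group("software"))
    if v is None:
        return None
    return (int(v.group("major")), int(v.group("minor")))


def audit(banners, minimum=(9, 6)):
    """Classify each host as 'current', 'outdated', 'other' (not OpenSSH) or
    'unknown' (OpenSSH that hides its version, so it cannot be audited).
    The (9, 6) baseline is a constructed policy value, not a recommendation."""
    result = {}
    for host, banner in banners.items():
        m = BANNER_RE.match(banner)
        if m is None:
            result[host] = "unknown"  # not a valid identification string at all
            continue
        if not m.group("software").startswith("OpenSSH"):
            result[host] = "other"
            continue
        version = parse_openssh_version(banner)
        if version is None:
            result[host] = "unknown"  # bare "OpenSSH": the version was stripped
        elif version < minimum:
            result[host] = "outdated"
        else:
            result[host] = "current"
    return result
```

The "unknown" bucket is the point: a host that hides its version looks identical to a fully patched one until it is logged into, which is the auditing cost the maintainers cite.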