14 October 2013

Comments

Techhelplistcom - Very good point. I should have mentioned something about that in the post, but neglected to. By changing that config option, you essentially hide the SSH comment portion (described above) of the OpenSSH banner. It would still show the SSH version and OpenSSH version, but would effectively prevent someone from doing the translation technique to identify the Operating System. I'm more interested in people upgrading their operating systems to supported versions than hiding the fact that they are running older ones, but your point is definitely an important piece that some users may want to consider if that information is considered sensitive in the context of your environment.

sshd_config

DebianBanner no

Or I guess compile your own sshd binary to hide the version entirely.
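
To confirm what the setting discussed in these comments changes, the added example below (not part of the original post or of either comment) splits an SSH identification string into the fields defined by RFC 4253 section 4.2 and reports what each one still discloses. The two sample banners are constructed for illustration, and the function names are hypothetical.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_banner(line):
    """Split an SSH identification string into proto, software and comments."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()


def audit_banner(line):
    """Return a list of findings describing what the banner discloses."""
    fields = parse_banner(line)
    findings = []
    if fields["comments"]:
        # This is the part that "DebianBanner no" suppresses.
        findings.append("comment field present: %s" % fields["comments"])
    if fields["software"].startswith("OpenSSH_"):
        # Still sent regardless of DebianBanner; the protocol requires it.
        version = fields["software"][len("OpenSSH_"):]
        findings.append("OpenSSH version visible: %s" % version)
    return findings


# Constructed sample banners (not captured from any real host).
SAMPLES = {
    "DebianBanner yes": "SSH-2.0-OpenSSH_6.0p1 Debian-4\r\n",
    "DebianBanner no": "SSH-2.0-OpenSSH_6.0p1\r\n",
}

if __name__ == "__main__":
    for setting, banner in SAMPLES.items():
        print(setting)
        for finding in audit_banner(banner):
            print("  " + finding)
```

Running the audit against your own server's banner before and after the change shows whether the comment field is gone; the OpenSSH version remains in both cases.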