Turning off sshd version display when someone telnets to port.

Chuck Swiger cswiger at mac.com
Sat Jun 19 09:23:18 PDT 2004


Emperor of Florida wrote:
[ ...concealing the purpose of a port... ]
> Currently when you telnet to it you will see:
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.6.1p1 YbrickRd

As Jeremy said, SSH depends on exchanging the version of the protocols it is 
using in order for both sides to figure out what types of cryptography they 
can use.

You have already improved the security of your installation significantly, and 
to the point where any gains beyond this are going to require heroic measures. 
You might consider setting up IPsec, or blocking inbound SSH connections 
from all but a few IP addresses, or changing SSH to use OPIE rather than 
reusable passwords.

-- 
-Chuck
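
The version exchange described in the reply above, as an added example that is not part of the original post: it parses the identification line in the format RFC 4253 defines (SSH-protoversion-softwareversion SP comments) and works out which major protocol version a client and server can agree on. The function names are illustrative assumptions; the banner is the one quoted in the thread.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(
    r"^SSH-(?P<proto>[^\s-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_ident(line):
    """Split an SSH identification string into (proto, software, comments)."""
    m = _IDENT.match(line.rstrip("\r\n"))
    if m is None:
        # Without this line the peer cannot tell which protocol to speak.
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group("proto"), m.group("software"), m.group("comments")


def server_protocols(proto):
    """Major protocol versions a server announces with this protoversion."""
    if proto == "1.99":  # RFC 4253 section 5.1: 2.0 plus legacy 1.x support
        return {1, 2}
    if proto.startswith("2."):
        return {2}
    if proto.startswith("1."):
        return {1}
    return set()


def negotiate(server_line, client_supports):
    """Return the highest major version both sides speak, or None."""
    proto, _software, _comments = parse_ident(server_line)
    common = server_protocols(proto) & set(client_supports)
    return max(common) if common else None


# The banner quoted in the thread above.
BANNER = "SSH-1.99-OpenSSH_3.6.1p1 YbrickRd\r\n"

if __name__ == "__main__":
    print(parse_ident(BANNER))       # the three fields of the banner
    print(negotiate(BANNER, {1, 2})) # a dual-protocol client picks 2
    print(negotiate(BANNER, {1}))    # 1.99 also accepts an SSH-1 client
```

A protoversion of 1.99 means the server still accepts SSH-1 clients, which is worth checking when auditing a banner like this one.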



More information about the freebsd-questions mailing list