Latest SSH?
Danny Woods
danny at khisanth.hopto.org
Mon Mar 29 01:30:54 PST 2004
Hi all,
I upgraded from 5.1 to 5.2.1p3 over the weekend, and finished off with a Nessus
scan to check that ssh was the only port visible to the outside world. Despite
a recent (i.e. last Thursday) cvsup to sync the source tree, I'm getting a
high severity warning about a hole in SSH based on the version number reported
(3.6.1p1 FreeBSD-20030924). I'm using the core ssh, not the version from ports.
Does anyone know if this problem is real, or a false-positive?
As an aside, can sshd be prevented from reporting its version number on
connect, or is this something that a client-app needs to know?
Thanks,
Danny.
More information about the freebsd-questions
mailing list