tightening sshd, removing server identification banner
Christian Weisgerber
naddy at mips.inka.de
Thu Feb 20 15:20:16 UTC 2020
On 2020-02-17, David Mehler <dave.mehler at gmail.com> wrote:
> I'm running FreeBSD 12.0. I'm atempting to tighten up my sshd
> configuration. I've got things where I want them, except for the
> connecting banner. I'm using sshaudit.com to test things and this is
> what it's saying for the banner setting:
>
> Banner:SSH-2.0-OpenSSH_7.8 FreeBSD-20180909
>
> I would rather this be set to nothing or at most very minimal.
RFC4253 says the identification string MUST be
SSH-protoversion-softwareversion SP comments CR LF
where only "comments" is optional.
I also recommend a look at src/crypto/openssh/compat.c to gain some
appreciation that "softwareversion" is important.
--
Christian "naddy" Weisgerber naddy at mips.inka.de
More information about the freebsd-questions
mailing list