rpm version-release in Version strings of OpenSSH, Apache etc?

Vincent pros-n-cons at bak.rr.com
Fri Sep 26 17:32:50 UTC 2003


On Fri, 26 Sep 2003 20:11:27 +0300 (EEST)
Pekka Savola <pekkas at netcore.fi> wrote:

> You're already in pretty deep shit if you're worried about someone
> exploiting your SSH services and they get to see the banner.  This means 
> you haven't firewalled away the port or put in TCP Wrappers for it.

Yeah I only have a selected few with SSH access so access is pinched with those
but there are times when I'll be moving to a machine the host address is not
known untill I get there. So open for all happens sometimes. There are a few
things I can do to side step this but Its not completly written yet.

> 
> Banners are used to enable bug workarounds for broken versions, so they're 
> pretty useful.. :-)
> 
> There is an option in OpenSSH so you can set the Version string yourself 
> if you want, btw.

If you mean setting the banner in sshd config that wont work. it is more like
an MOTD. if you netcat to 22 it will still spit everything out same as before.
If you ment something else, let me know. I'd like to try it out.
 
> So, IMHO, version strings could seem quite handy.  AFAIK, Debian already 
> does this, and FreeBSD as well. (These two examples from OpenSSH.)
> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> 
> 
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-devel-list





More information about the fedora-devel-list mailing list