need to add to sshd_config
DebianBanner no
Description
Details
- Version
- -
- Is it a breaking change?
- Behavior change
- Issue type
- Feature (new functionality)
Status | Subtype | Assigned | Task |
---|---|---|---|
Open | FEATURE REQUEST | None | T6733 Do not report software versions root task |
In progress | FEATURE REQUEST | None | T6735 OpenSSH - disable software version reporting |
Event Timeline
Comment Actions
Had a look at this since it seems an easy task, but adding DebianBanner no only removes the Debian package's version string. As far as I can tell there is no way to remove the SSHd version used.
```
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
Connection closed.
```
With DebianBanner no
```
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1
Connection closed.
```
Comment Actions
Personally I would still prefer the latter, that is, with DebianBanner no.
But from an attack vector point of view, the malware will not care if or what banner your server/router replies with; it will blindly send in its payload anyway and hope for the best.
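
An added example, not part of the thread or of the project's code: a Python check that splits the two banners quoted above into the RFC 4253 identification fields (`SSH-protoversion-softwareversion SP comments`) and reports what each one still discloses. The function names and the "contains a digit" heuristic for spotting a version are assumptions of this example.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$"
)

# The two identification lines quoted in the thread above.
BANNERS = ["SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3", "SSH-2.0-OpenSSH_9.2p1"]


def parse_ident(line):
    """Split an SSH identification string into proto / software / comments."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return m.groupdict()


def audit_ident(line):
    """Return findings describing what the banner still discloses."""
    fields = parse_ident(line)
    findings = []
    if fields["comments"]:  # the part that DebianBanner no removes
        findings.append(f"comments field present: {fields['comments']}")
    if re.search(r"\d", fields["software"]):  # heuristic: digits imply a version
        findings.append(f"software version present: {fields['software']}")
    return findings


def fetch_ident(host, port=22, timeout=5.0):
    """Read the identification line a live server sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            for raw in stream:
                line = raw.decode("ascii", errors="replace")
                if line.startswith("SSH-"):  # servers may send other lines first
                    return line
    raise ConnectionError("no SSH identification line received")


if __name__ == "__main__":
    for banner in BANNERS:
        print(banner, "->", audit_ident(banner) or "nothing disclosed")
```

To check a host you administer after changing sshd_config, pass the result of `fetch_ident("localhost")` to `audit_ident`.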