
OpenSSH - disable software version reporting
In progress, Normal | Public | FEATURE REQUEST

Description

Need to add to sshd_config:
DebianBanner no

Details

Version
-
Is it a breaking change?
Behavior change
Issue type
Feature (new functionality)

Related Objects

Status | Subtype | Assigned | Task
Open | FEATURE REQUEST | None |
In progress | FEATURE REQUEST | None |

Event Timeline

syncer changed the task status from Open to In progress.
syncer triaged this task as Normal priority.
vyosbot added a project: Restricted Project. (Oct 14 2024, 8:16 AM)
dmbaturin removed a project: Restricted Project. (Oct 14 2024, 8:51 AM)
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Behavior change.
dmbaturin changed Issue type from Unspecified (please specify) to behavior-change.

Had a look at this since it seems an easy task, but adding DebianBanner no only removes the Debian package's version string. As far as I can tell there is no way to remove the SSHd version used.

Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
Connection closed.

With DebianBanner no

Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1
Connection closed.

Personally I would still prefer the latter, that is, with DebianBanner no.

But from an attack vector point of view - the malware will not care if or what banner your server/router replies with, it will blindly send in its payload anyway and hope for the best.

dmbaturin changed Issue type from behavior-change to Feature (new functionality). (Nov 27 2024, 6:49 PM)
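
An added example (not part of the original task or of VyOS code): a Python check that splits the identification string seen in the two telnet captures above into its RFC 4253 fields and reports whether the comments field, the part that DebianBanner no suppresses, is still being sent. The function names are hypothetical, and the sample banners are the two shown on this page.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# protoversion and softwareversion may not contain whitespace or '-'.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^-\s]+)(?: (?P<comments>.*))?$"
)

def parse_ident(line):
    """Split an SSH identification string into proto/software/comments."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return m.groupdict()

def exposes_package_revision(line):
    """True if the optional comments field (e.g. the Debian tag) is sent."""
    return bool(parse_ident(line)["comments"])

def read_ident(host, port=22, timeout=5.0):
    """Fetch the identification line from a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):  # a server may send other lines first
            raw = stream.readline(256)
            if not raw:
                break
            if raw.startswith(b"SSH-"):
                return raw.decode("ascii", "replace")
    raise ConnectionError("no SSH identification string received")

if __name__ == "__main__":
    # The two banners from the captures on this page.
    for banner in ("SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3\r\n",
                   "SSH-2.0-OpenSSH_9.2p1\r\n"):
        fields = parse_ident(banner)
        state = "sent" if exposes_package_revision(banner) else "suppressed"
        print(f"{fields['software']}: comments field {state}")
```

The softwareversion field is mandatory in the protocol, so the check only distinguishes the two states shown in the captures.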