LinuxQuestions.org


dlugasx 10-22-2011 10:11 AM

How to disable SSH version banner ?
 
Hello Gurus,

I have a question concerning SSH Security.

Code:


fredy@fredy:~$ telnet server-name.com 22
Trying 88.xx.xx.xx...
Connected to server-name.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6 Debian-4


How to disable SSH version and Operating System banner ?


Thanks in advance


Dlugasx

eSelix 10-22-2011 10:23 AM

There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".

dlugasx 10-22-2011 10:32 AM

Quote:

Originally Posted by eSelix (Post 4505237)
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".

Thanks for the advice... but it doesn't work...

PL (Unfortunately it doesn't work) ;)


Does anybody know how to remove SSH version and OS description from ssh ?

catkin 10-22-2011 10:41 AM

No such problem on a Debian Squeeze ssh host with the as-installed sshd_config. The Banner line is commented out. The ssh daemon startup script sources the ssh command line options from /etc/default/ssh. It has the line 'SSHD_OPTS=' so sets no options.

anomie 10-22-2011 10:58 AM

Quote:

Originally Posted by eSelix
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".

That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.

dlugasx 10-22-2011 12:11 PM

Quote:

Originally Posted by anomie (Post 4505260)
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.


Thanks for advice...

scandalist 02-10-2012 08:15 PM

Really simple...

just add "DebianBanner no" to the /etc/ssh/sshd_config

*Note* Not sure if this works for other distros.

malayo 12-31-2013 02:08 AM

DebianBanner not working
 
On wheezy, I tried adding "DebianBanner no" in /etc/ssh/sshd_config but I'm still getting the banner displayed when I telnet to the ssh port

openssh server version: 6.0p1-4
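
The line the telnet test in this thread reads is the SSH identification string, which RFC 4253 section 4.2 defines as `SSH-protoversion-softwareversion SP comments`. The following is an added example, not code from any poster in the thread: it splits such a line into its fields so you can check what the daemon still announces after a config change. The function names are hypothetical and the second sample line is constructed.

```shell
#!/bin/sh
# Added example: split an SSH identification string (RFC 4253, section 4.2)
#   SSH-protoversion-softwareversion SP comments
# Feed it the first line the server sends, e.g. as captured with telnet above.

# parse_ssh_ident "<line>" -> prints "proto=... software=... comment=..."
# Returns 1 if the line is not an SSH identification string.
parse_ssh_ident() {
    line=$(printf '%s' "$1" | tr -d '\r')   # drop the CR sent on the wire
    case "$line" in
        SSH-*-*) ;;
        *) return 1 ;;
    esac
    rest=${line#SSH-}        # "2.0-OpenSSH_4.6 Debian-4"
    proto=${rest%%-*}        # "2.0"
    rest=${rest#*-}          # "OpenSSH_4.6 Debian-4"
    software=${rest%% *}     # "OpenSSH_4.6" (may not contain spaces or '-')
    case "$rest" in
        *" "*) comment=${rest#* } ;;   # optional comments field
        *)     comment="" ;;
    esac
    printf 'proto=%s software=%s comment=%s\n' "$proto" "$software" "$comment"
}

# disclosed_fields "<line>" -> prints which identifying parts are present
disclosed_fields() {
    parsed=$(parse_ssh_ident "$1") || { echo "not-ssh"; return 1; }
    case "$parsed" in
        *"comment=") echo "software-version" ;;
        *)           echo "software-version distro-comment" ;;
    esac
}

# Sample 1 is the line from the first post; sample 2 is constructed
# (the same string with the comments field absent).
disclosed_fields 'SSH-2.0-OpenSSH_4.6 Debian-4'
disclosed_fields 'SSH-2.0-OpenSSH_4.6'
```

On Debian's patched sshd, `DebianBanner no` removes only the distribution suffix (the comments field); the protocol requires the `SSH-protoversion-softwareversion` part, so that remains visible.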


All times are GMT -5.