LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-22-2011, 10:11 AM   #1
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 242

Rep: Reputation: 18
How to disable SSH version banner ?


Hello Gurus,

I have a question concerning SSH Security.

Code:
fredy@fredy:~$ telnet server-name.com 22
Trying 88.xx.xx.xx...
Connected to server-name.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6 Debian-4

How to disable SSH version and Operating System banner ?


Thanks in advance


Dlugasx
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 10-22-2011, 10:23 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Kubuntu
Posts: 1,191

Rep: Reputation: 301Reputation: 301Reputation: 301Reputation: 301
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
 
Old 10-22-2011, 10:32 AM   #3
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 242

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by eSelix View Post
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
Thanks for the advice... but it doesnt work...

PL(Nie dziala niestety)


Does anybody knows how to remove SSH version and OS description from ssh ?
 
Old 10-22-2011, 10:41 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,531
Blog Entries: 27

Rep: Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176
No such problem on a Debian Squeeze ssh host with the as-installed sshd_config. The Banner line is commented out. The ssh daemon startup script sources the ssh command line options from /etc/default/ssh. It has the line 'SSHD_OPTS=' so sets no options.
 
Old 10-22-2011, 10:58 AM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by eSelix
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.

Last edited by anomie; 10-22-2011 at 10:59 AM.
 
2 members found this post helpful.
Old 10-22-2011, 12:11 PM   #6
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 242

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by anomie View Post
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.

Thanks for advice...
 
Old 02-10-2012, 08:15 PM   #7
scandalist
LQ Newbie
 
Registered: Apr 2011
Posts: 27

Rep: Reputation: 1
Really simple...

just add "DebianBanner no" to the /etc/ssh/sshd_config

*Note* Not sure if this works for other distros.
 
Old 12-31-2013, 02:08 AM   #8
malayo
Member
 
Registered: Dec 2010
Posts: 122

Rep: Reputation: 1
DebianBanner not working

on wheezy, i tried adding "DebianBanner no" in /etc/ssh/sshd_config but i'm still getting banner displayed when i telnet to ssh port

openssh server version: 6.0p1-4
 
  


Reply

Tags
banner, disable, ssh, version


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hide ssh banner shafey Linux - Security 3 04-14-2013 05:59 PM
Disable CUPS Print Banner arvineb Linux - General 4 02-16-2010 05:37 AM
Cups/Samba disable banner printing devbro Linux - Networking 3 06-05-2009 05:50 PM
SSH banner design garnser Linux - Software 1 10-16-2004 02:07 AM
change the banner for ssh [cacheflow] Linux - Security 5 09-16-2002 03:03 PM


All times are GMT -5. The time now is 10:58 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration