LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How to disable SSH version banner ?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 10-22-2011, 10:11 AM   #1
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 224

Rep: Reputation: 18
How to disable SSH version banner ?

Hello Gurus,

I have a question concerning SSH Security.

Code:
fredy@fredy:~$ telnet server-name.com 22
Trying 88.xx.xx.xx...
Connected to server-name.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6 Debian-4

How to disable SSH version and Operating System banner ?


Thanks in advance


Dlugasx
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 10-22-2011, 10:23 AM   #2
eSelix
Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Kubuntu
Posts: 809

Rep: Reputation: 162Reputation: 162
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
 
Old 10-22-2011, 10:32 AM   #3
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 224

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by eSelix View Post
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
Thanks for the advice... but it doesnt work...

PL(Nie dziala niestety)


Does anybody knows how to remove SSH version and OS description from ssh ?
 
Old 10-22-2011, 10:41 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Slackware 13.37, Debian Squeeze
Posts: 7,987
Blog Entries: 25

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
No such problem on a Debian Squeeze ssh host with the as-installed sshd_config. The Banner line is commented out. The ssh daemon startup script sources the ssh command line options from /etc/default/ssh. It has the line 'SSHD_OPTS=' so sets no options.
 
Old 10-22-2011, 10:58 AM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Debian, FreeBSD
Posts: 3,749
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by eSelix
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.
Last edited by anomie; 10-22-2011 at 10:59 AM.
 
2 members found this post helpful.
Old 10-22-2011, 12:11 PM   #6
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 224

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by anomie View Post
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.

Thanks for advice...
 
Old 02-10-2012, 08:15 PM   #7
scandalist
LQ Newbie
 
Registered: Apr 2011
Posts: 13

Rep: Reputation: 0
Really simple...

just add "DebianBanner no" to the /etc/ssh/sshd_config

*Note* Not sure if this works for other distros.
 
  


Reply

Tags
banner, disable, ssh, version


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable CUPS Print Banner arvineb Linux - General 4 02-16-2010 05:37 AM
Cups/Samba disable banner printing devbro Linux - Networking 3 06-05-2009 05:50 PM
hide ssh banner shafey Linux - Security 2 05-17-2006 04:45 PM
SSH banner design garnser Linux - Software 1 10-16-2004 02:07 AM
change the banner for ssh [cacheflow] Linux - Security 5 09-16-2002 03:03 PM


All times are GMT -5. The time now is 09:51 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration