Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 03-12-2005, 02:32 PM   #1
LQ Newbie
Registered: Jan 2005
Posts: 14

Rep: Reputation: 0
openssh banner displayed with telnet

Okay, yesterday I believe that my slackware box was comprimised. While I was sitting in front of my comp, and I noticed that my cpu and mem usage were way up. I checked to see what processes were running, and I noticed that updatedb was being run (as root ofcourse), and I did not invoke it and nor was had I logged in as root any time before that.

I then killed the process and disabled my sshd and ftpd (although I should of checked to see if someone really was logged into my machine first, but i panicked).

So, today I have taken the liberty to secure my box, ie. install new versions of openssh and proftpd, and re-configure my firewall. I also ssh'd and ftp'd to my machine to make sure that no banners were being displayed. I thought that it would be a good idea to telnet to both ports 21 and 22 to see if any undesired output might be displayed. Port 21 looked okay, but on 22 openssh spits out:
Escape character is '^]'.
I was utterly shocked at what I saw, as I do not wish for people to know what exact services are on my machine. I do not believe that there are currently an remote exploits available for openssh_3.9, but that is not to say that this will always be the case.

So, the question is, how do I disable such output from the server? I have consulted my config file and the man pages, as well as google, but I was still unable to come up with anything.

Then again, this may not be a critical issue. But I try to be as security conscience as possible
Any help would be greatly appreciated.
Old 03-12-2005, 03:13 PM   #2
LQ Newbie
Registered: Jan 2004
Distribution: Arch Linux 0.7, FreeBSD 4.11, 5.3
Posts: 9

Rep: Reputation: 0
if you think thats bad

nmap -vv -O -sV -sR <ip address>
If the ip address is out of your lan then add -P0 to the command

that will dump your operating system name, and get version info for most programs bound to a socket. (like openssh or apache)

basically what i'm saying is dont worry about it, you can't avoid it because its probably part of the openssh protocol. (telnet without a telnet host is basically a raw client, which is why you can get on irc servers with it.)
Old 03-12-2005, 03:58 PM   #3
LQ Newbie
Registered: Jan 2005
Posts: 14

Original Poster
Rep: Reputation: 0
I am aware of what telnet can be used for and that nmap can perform OS fingerprinting, however, I was unaware that nmap had service version detection capablities.

I guess that there is nothing that I can really do then. However, I am still surpised that openssh would actually advertise that their service is running on a machine.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ Banner bongenheimer LQ Suggestions & Feedback 12 10-31-2005 11:14 AM
telnet banner freebsd? evilchild *BSD 2 01-10-2004 04:30 AM
banner message before telnet login digitalgravy Linux - Newbie 3 12-19-2003 02:31 PM
telnet - banner but no login? polo76 Linux - General 2 06-23-2003 09:30 AM
ssh, openssh... telnet desjazz Linux - Newbie 2 03-10-2003 02:23 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:08 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration