LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How to disable SSH version banner ?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-22-2011, 10:11 AM   #1
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 266

Rep: Reputation: 19
How to disable SSH version banner ?

Hello Gurus,

I have a question concerning SSH Security.

Code:
fredy@fredy:~$ telnet server-name.com 22
Trying 88.xx.xx.xx...
Connected to server-name.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6 Debian-4

How to disable SSH version and Operating System banner ?


Thanks in advance


Dlugasx
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 10-22-2011, 10:23 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Rep: Reputation: 320Reputation: 320Reputation: 320Reputation: 320
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
 
Old 10-22-2011, 10:32 AM   #3
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 266

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by eSelix View Post
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
Thanks for the advice... but it doesnt work...

PL(Nie dziala niestety)


Does anybody knows how to remove SSH version and OS description from ssh ?
 
Old 10-22-2011, 10:41 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Blog Entries: 31

Rep: Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208
No such problem on a Debian Squeeze ssh host with the as-installed sshd_config. The Banner line is commented out. The ssh daemon startup script sources the ssh command line options from /etc/default/ssh. It has the line 'SSHD_OPTS=' so sets no options.
 
Old 10-22-2011, 10:58 AM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by eSelix
There is a "Banner" option in "/etc/ssh/sshd_config". Set it to "none".
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.
Last edited by anomie; 10-22-2011 at 10:59 AM.
 
2 members found this post helpful.
Old 10-22-2011, 12:11 PM   #6
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 266

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by anomie View Post
That behavior is supported only as of OpenSSH 4.8 or later: http://www.openssh.org/txt/release-4.8

OP is running OpenSSH 4.6.

-------

@dlugasx: AFAIK, there is no config or runtime option for disabling this in your OpenSSH version. You can:
  1. Recompile the source, with the banner removed or changed. (Waste of time, IMO.) .. OR
  2. Keep your system patched, and do not worry about it.

This falls into the security by obscurity category. Not a great use of your time or effort.

Thanks for advice...
 
Old 02-10-2012, 08:15 PM   #7
scandalist
Member
 
Registered: Apr 2011
Posts: 31

Rep: Reputation: 1
Really simple...

just add "DebianBanner no" to the /etc/ssh/sshd_config

*Note* Not sure if this works for other distros.
 
Old 12-31-2013, 02:08 AM   #8
malayo
Member
 
Registered: Dec 2010
Posts: 130

Rep: Reputation: 1
DebianBanner not working
on wheezy, i tried adding "DebianBanner no" in /etc/ssh/sshd_config but i'm still getting banner displayed when i telnet to ssh port

openssh server version: 6.0p1-4
 
  


Reply

Tags
banner, disable, ssh, version



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cups/Samba disable banner printing devbro Linux - Networking 4 02-10-2017 09:12 PM
hide ssh banner shafey Linux - Security 3 04-14-2013 05:59 PM
Disable CUPS Print Banner arvineb Linux - General 4 02-16-2010 05:37 AM
SSH banner design garnser Linux - Software 1 10-16-2004 02:07 AM
change the banner for ssh [cacheflow] Linux - Security 5 09-16-2002 03:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:12 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration