Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Disable openssh banner?



On 6/27/07, Scott Ehrlich <scott-3s7WtUTddSA at public.gmane.org> wrote:
> I just telnetted to my Ubuntu linux box's port 22 and saw its banner ID.

You may also find nc useful :-)

> How do I disable the banner?

That banner is populated from within the binary.  You can hexedit the
binary to change it obviously, but I actually am unsure how to disable
it or change it via a config.

> I've tried creating an empty /etc/issue.net file, uncommenting Banner in
> /etc/ssh/sshd_config, and issuing /etc/init.d/ssh restart.  telnet
> localhost 22 still shows the banner.

That is for pre-login banner notice, which is not the same banner
which is displayed to identify the server.

I found my banner at offset 0x00046dda in /usr/sbin/sshd using hexdump
-C | grep -i 4.6p1

Let us know if you find the real way to change it.  However, I must
ask why you are doing this, rather than using something like port
knocking or other techniques.  People can still identify your server
using a tool called amap even if you disable the banner.  So,
banner-disabling is only going to keep out really dumb people...which
I guess is enough for the majority :-)

Check our portknockd or single packet authentication (SPA)...
-- 
Kristian Hermansen

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org