Disable openssh banner?
Kristian Hermansen
kristian.hermansen-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Jun 27 07:11:12 EDT 2007
On 6/27/07, Scott Ehrlich <scott-3s7WtUTddSA at public.gmane.org> wrote:
> I just telnetted to my Ubuntu linux box's port 22 and saw its banner ID.
You may also find nc useful :-)
> How do I disable the banner?
That banner is populated from within the binary. You can hexedit the
binary to change it obviously, but I actually am unsure how to disable
it or change it via a config.
> I've tried creating an empty /etc/issue.net file, uncommenting Banner in
> /etc/ssh/sshd_config, and issuing /etc/init.d/ssh restart. telnet
> localhost 22 still shows the banner.
That is for pre-login banner notice, which is not the same banner
which is displayed to identify the server.
I found my banner at offset 0x00046dda in /usr/sbin/sshd using hexdump
-C | grep -i 4.6p1
Let us know if you find the real way to change it. However, I must
ask why you are doing this, rather than using something like port
knocking or other techniques. People can still identify your server
using a tool called amap even if you disable the banner. So,
banner-disabling is only going to keep out really dumb people...which
I guess is enough for the majority :-)
Check out portknockd or single packet authentication (SPA)...
--
Kristian Hermansen
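
Added example, not part of the original message: the string seen on port 22 is the SSH protocol identification string (RFC 4253, section 4.2), which each side sends before key exchange, whereas Banner in sshd_config is delivered later, during user authentication. The Python below parses that string into its fields; the function name and the sample bytes (including the comment field) are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# softwareversion is printable ASCII without spaces or '-'; comments are optional.
IDENT_RE = re.compile(rb"SSH-([0-9.]+)-([!-,.-~]+)(?: ([ -~]*))?")
MAX_IDENT_LEN = 255  # RFC limit, counting the trailing CR LF


def parse_server_greeting(data: bytes) -> dict:
    """Split the first bytes a server sends into preamble lines and the
    identification string, and break the latter into its fields."""
    preamble = []
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            # Servers may send free-form lines before the identification string.
            if line:
                preamble.append(line.decode("utf-8", "replace"))
            continue
        if len(line) + 2 > MAX_IDENT_LEN:
            raise ValueError("identification string exceeds 255 bytes")
        m = IDENT_RE.fullmatch(line)
        if m is None:
            raise ValueError("malformed identification string: %r" % line)
        proto, software, comments = m.groups()
        return {
            "preamble": preamble,
            "protoversion": proto.decode(),
            "softwareversion": software.decode(),
            "comments": comments.decode() if comments is not None else None,
        }
    raise ValueError("no SSH identification string found")


# Constructed sample inputs (not captured from a real host).
SAMPLE_PLAIN = b"SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1\r\n"
SAMPLE_PREAMBLE = b"Authorized use only\r\nSSH-2.0-OpenSSH_4.6p1\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_PREAMBLE):
        print(parse_server_greeting(sample))
```

The protoversion and softwareversion fields are mandatory in the protocol, so a server can shorten what it reveals there but cannot omit the line.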