Date: Sat, 19 Jun 2004 12:23:09 -0400
From: Chuck Swiger
To: Emperor of Florida
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Turning off sshd version display when someone telnets to port.

Emperor of Florida wrote:
[ ...concealing the purpose of a port... ]
> Currently when you telnet to it you will see:
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.6.1p1 YbrickRd

As Jeremy said, SSH depends on exchanging the version of the protocols it is using in order for both sides to figure out what types of cryptography they can use.

You have already improved the security of your installation significantly, and to the point where any gains beyond this are going to require heroic measures. You might consider setting up IPsec, or blocking inbound SSH connections from all but a few IP addresses, or changing SSH to use OPIE rather than reusable passwords.

-- 
-Chuck
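Added example, not part of the original message: a Python sketch of the version exchange described in the reply, parsing the identification line in the format given by RFC 4253 section 4.2 and choosing the protocol both ends support. The server line is the one quoted above; the client line and all function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

SERVER_LINE = b"SSH-1.99-OpenSSH_3.6.1p1 YbrickRd\r\n"  # banner quoted in the thread
CLIENT_LINE = b"SSH-2.0-ExampleClient_1.0\r\n"          # constructed sample


def parse_ident(line):
    """Split an identification line into proto, software and comments."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    if len(text) > 253:  # the RFC allows 255 bytes including CR LF
        raise ValueError("identification string too long")
    match = IDENT_RE.match(text)
    if match is None:
        raise ValueError("not an SSH identification string: %r" % text)
    return match.groupdict()


def offered_protocols(proto):
    """Protocol majors a peer advertises.

    Per RFC 4253 section 5.1, "1.99" means SSH-2 with SSH-1 compatibility.
    """
    if proto == "2.0":
        return {2}
    if proto == "1.99":
        return {1, 2}
    if proto.startswith("1."):
        return {1}
    raise ValueError("unknown protocol version: %r" % proto)


def negotiate(client_line, server_line):
    """Highest protocol major both ends speak, or None when nothing overlaps."""
    client = offered_protocols(parse_ident(client_line)["proto"])
    server = offered_protocols(parse_ident(server_line)["proto"])
    common = client & server
    return max(common) if common else None


if __name__ == "__main__":
    print(parse_ident(SERVER_LINE))
    print("negotiated SSH protocol:", negotiate(CLIENT_LINE, SERVER_LINE))
```

Without the `proto` field neither side could decide which protocol to continue with, which is why the line cannot simply be suppressed.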