Date:      Sat, 19 Jun 2004 12:23:09 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Emperor of Florida <kruptos@mlinux.org>
Cc:        "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Turning off sshd version display when someone telnets to port.
Message-ID:  <40D4686D.3060307@mac.com>
In-Reply-To: <1087599478.5479.8.camel@route>
References:  <1087599478.5479.8.camel@route>

Emperor of Florida wrote:
[ ...concealing the purpose of a port... ]
> Currently when you telnet to it you will see:
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.6.1p1 YbrickRd

As Jeremy said, SSH depends on exchanging the version of the protocols it is 
using in order for both sides to figure out what types of cryptography they 
can use.

You have already improved the security of your installation significantly, and 
to the point where any gains beyond this are going to require heroic measures. 
You might consider setting up IPsec, or blocking inbound SSH connections 
from all but a few IP addresses, or changing SSH to use OPIE rather than 
reusable passwords.

-- 
-Chuck
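
The version exchange described in the message above, as an added example that is not part of the original e-mail: a parser for the identification line format defined in RFC 4253 section 4.2, applied to the banner quoted in the thread, showing what a client reads from it before any cryptography is negotiated. The function names and the client's supported-version set are assumptions made for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
# The software field is matched leniently (any non-space run).
_IDENT = re.compile(
    r"^SSH-(?P<proto>[^\s-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

def parse_identification(raw: bytes) -> dict:
    """Return the fields of the first SSH identification line found in raw."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other text lines before the identification
        if len(line) + 2 > 255:  # limit includes the CR LF terminator
            raise ValueError("identification string longer than 255 bytes")
        m = _IDENT.match(line.decode("ascii"))
        if m is None:
            raise ValueError("malformed identification string")
        return m.groupdict()
    raise ValueError("no SSH identification string found")

def negotiable_protocols(proto: str) -> set:
    """Protocol versions the peer offers, per RFC 4253 section 5."""
    if proto == "2.0":
        return {"2"}
    if proto == "1.99":
        return {"1", "2"}  # compatibility mode: the server speaks both
    if proto.startswith("1."):
        return {"1"}
    return set()

def client_decision(raw: bytes, client_supports=frozenset({"2"})) -> str:
    """What a client does after reading the server's identification line."""
    ident = parse_identification(raw)
    common = negotiable_protocols(ident["proto"]) & set(client_supports)
    if not common:
        return "disconnect: no common protocol version"
    return "continue with SSH protocol " + max(common)

# Banner quoted in the thread, with the CR LF terminator added.
BANNER = b"SSH-1.99-OpenSSH_3.6.1p1 YbrickRd\r\n"

if __name__ == "__main__":
    print(parse_identification(BANNER))
    print(client_decision(BANNER))
```

A server that sends no identification line at all makes `parse_identification` raise, which is the point of the reply: the client has nothing to base a protocol choice on.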


