Date: Mon, 29 Mar 2004 10:32:42 +0100 From: Danny Woods <danny@khisanth.hopto.org> To: freebsd-questions@freebsd.org Subject: Latest SSH? Message-ID: <20040329093242.GA5633@khisanth.hopto.org>
next in thread | raw e-mail | index | archive | help
Hi all, I upgraded from 5.1 to 5.2.1p3 over the weekend, and finished off with a Nessus scan to check that ssh was the only port visible to the outside world. Despite a recent (i.e. last Thursday) cvsup to sync the source tree, I'm getting a high severity warning about a hole in SSH based on the version number reported (3.6.1p1 FreeBSD-20030924). I'm using the core ssh, not the version from ports. Does anyone know if this problem is real, or a false-positive? As an aside, can sshd be prevented from reporting its version number on connect, or is this something that a client-app needs to know? Thanks, Danny.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040329093242.GA5633>