Date: Fri, 15 Mar 2002 16:34:56 -0500 From: "alexus" <ml@db.nexgen.com> To: <vokeyc@aciworldwide.com> Cc: <freebsd-security@FreeBSD.ORG>, <owner-freebsd-security@FreeBSD.ORG> Subject: Re: openssh Message-ID: <004701c1cc69$4131a710$0100a8c0@alexus> References: <OFB285D2C2.309E2F56-ON87256B7D.0074468F@tsainc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
i do keep it up to date but since there was a vulnarability with open ssh 2.9.x everyone tells me to upgrade it to latest 3.x, but i trust freebsd team i keep latest -STABLE build, however most of the scaners they just look at the versions and they automaticly assume that this server can be exploited just for reaosn i run ssh 2.9.x ----- Original Message ----- From: <vokeyc@aciworldwide.com> To: "alexus" <ml@db.nexgen.com> Cc: <freebsd-security@FreeBSD.ORG>; <owner-freebsd-security@FreeBSD.ORG> Sent: Friday, March 15, 2002 4:11 PM Subject: Re: openssh > It's better practice to ensure sshd is up-to-date and keep your banner. > Security by obscurity is an end run around the problem. Keeping > services up-to-date should be a primary concern. > > Cory Vokey > Systems Administrator > ACI/MessagingDirect > www.messagingdirect.com > www.aciworldwide.com > > > > > > "alexus" <ml@db.nexgen.com> > Sent by: owner-freebsd-security@FreeBSD.ORG > 03/15/2002 01:04 PM > > > To: <freebsd-security@FreeBSD.ORG> > cc: > Subject: openssh > > > is there a way to disable that "banner" when someone telnets to port 22 > > SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713 > > and/or > > disable any SSH daemon information retrieval? like: without person having > access to my computer, that person can already obtain some of info > > SSH1 supported yes > Supported authentification methods for SSH1 RSA,keyboard > interactive,password > Supported ciphers for SSH1 3des,blowfish > SSH2 supported yes > Supported keys exchange algorithm for SSH2 > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > Supported decryption ciphers for SSH2 > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r > ijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se > Supported encryption ciphers for SSH2 > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r > ijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se > Supported decryption mac for SSH2 > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm > ac-md5-96 > Supported encryption mac for SSH2 > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm > ac-md5-96 > Supported authentification methods for SSH2 > publickey,password,keyboard-interactive > > > is there a way to *NOT* allowe user to get any info at all? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004701c1cc69$4131a710$0100a8c0>