From: "alexus"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 16:34:56 -0500
Message-ID: <004701c1cc69$4131a710$0100a8c0@alexus>
Sender: owner-freebsd-security@FreeBSD.ORG

I do keep it up to date, but since there was a vulnerability with OpenSSH
2.9.x everyone tells me to upgrade it to the latest 3.x. But I trust the
FreeBSD team and I keep the latest -STABLE build. However, most of the
scanners just look at the versions and they automatically assume that this
server can be exploited just for the reason I run ssh 2.9.x.

----- Original Message -----
To: "alexus"
Sent: Friday, March 15, 2002 4:11 PM
Subject: Re: openssh

> It's better practice to ensure sshd is up-to-date and keep your banner.
> Security by obscurity is an end run around the problem. Keeping
> services up-to-date should be a primary concern.
>
> Cory Vokey
> Systems Administrator
> ACI/MessagingDirect
> www.messagingdirect.com
> www.aciworldwide.com
>
>
> "alexus"
> Sent by: owner-freebsd-security@FreeBSD.ORG
> 03/15/2002 01:04 PM
>
> Subject: openssh
>
> is there a way to disable that "banner" when someone telnets to port 22
>
> SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713
>
> and/or
>
> disable any SSH daemon information retrieval? like: without person having
> access to my computer, that person can already obtain some of info
>
> SSH1 supported yes
> Supported authentification methods for SSH1 RSA,keyboard interactive,password
> Supported ciphers for SSH1 3des,blowfish
> SSH2 supported yes
> Supported keys exchange algorithm for SSH2
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> Supported decryption ciphers for SSH2
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
> Supported encryption ciphers for SSH2
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
> Supported decryption mac for SSH2
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> Supported encryption mac for SSH2
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> Supported authentification methods for SSH2
> publickey,password,keyboard-interactive
>
>
> is there a way to *NOT* allow user to get any info at all?
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
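
The banner quoted in this thread, split into the identification-string fields defined in RFC 4253 section 4.2, with a triage step for the version-only scanner hits the thread describes. This is an added example, not code from the posters or from OpenSSH; `parse_ident`, `triage`, `FLAG_BELOW` and the two shorter banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Hypothetical scanner rule mirroring the thread ("2.9.x" flagged, "3.x" not).
# It is an assumption for this example, not a real advisory boundary.
FLAG_BELOW = (3, 0)

PAGE_BANNER = "SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713\r\n"
CONSTRUCTED_NEWER = "SSH-2.0-OpenSSH_3.1"      # constructed sample
CONSTRUCTED_BARE = "SSH-1.99-OpenSSH_2.9"      # constructed sample


def parse_ident(line):
    """Split an SSH identification line into its fields."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    proto = m.group("proto")
    # "1.99" is how a server announces that it speaks both SSH1 and SSH2.
    protocols = {"1.99": ["1", "2"]}.get(proto, [proto.split(".")[0]])
    sw = re.match(r"OpenSSH_(\d+)\.(\d+)", m.group("software"))
    version = (int(sw.group(1)), int(sw.group(2))) if sw else None
    return {"protocols": protocols, "software": m.group("software"),
            "version": version, "comments": m.group("comments") or ""}


def triage(line):
    """Classify a banner the way a defender should read a scanner hit."""
    info = parse_ident(line)
    if info["version"] is None:
        return "unknown-software"
    if info["version"] >= FLAG_BELOW:
        return "not-flagged"
    # A vendor can backport a fix without changing the upstream version
    # number, so a hit on a build carrying a vendor comment is a lead to
    # check against the vendor's advisories and the installed patch level.
    return "verify-patch-level" if info["comments"] else "flagged"


if __name__ == "__main__":
    for banner in (PAGE_BANNER, CONSTRUCTED_NEWER, CONSTRUCTED_BARE):
        print(banner.strip(), "->", triage(banner))
```
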