From owner-freebsd-questions@freebsd.org  Mon Feb 17 17:02:57 2020
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7E0DA23F35B;
 Mon, 17 Feb 2020 17:02:57 +0000 (UTC)
 (envelope-from galtsev@kicp.uchicago.edu)
Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70])
 by mx1.freebsd.org (Postfix) with ESMTP id 48Lr005WdNz4Bgv;
 Mon, 17 Feb 2020 17:02:56 +0000 (UTC)
 (envelope-from galtsev@kicp.uchicago.edu)
Received: from [128.135.52.252] (unknown [128.135.52.252])
 (Authenticated sender: galtsev)
 by kicp.uchicago.edu (Postfix) with ESMTPSA id D8AC54E67D;
 Mon, 17 Feb 2020 11:02:55 -0600 (CST)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
Subject: Re: tightening sshd, removing server identification banner
From: Valeri Galtsev <galtsev@kicp.uchicago.edu>
In-Reply-To: <036b6d54c51d5d7ae9934415b60369f8@kazancci.com>
Date: Mon, 17 Feb 2020 11:02:55 -0600
Cc: David Mehler <dave.mehler@gmail.com>,
 freebsd-questions <freebsd-questions@freebsd.org>,
 owner-freebsd-questions@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <0E539BE9-C479-4374-8568-5FDA5A910F3C@kicp.uchicago.edu>
References: <CAPORhP4JmTB-Cf04Mgtae9EnHCRPe=5LHs_xtbZE+APoP6pVbg@mail.gmail.com>
 <036b6d54c51d5d7ae9934415b60369f8@kazancci.com>
To: =?utf-8?Q?=C3=96zg=C3=BCr_Kazancci?= <ozgur@kazancci.com>
X-Mailer: Apple Mail (2.3608.60.0.2.5)
X-Rspamd-Queue-Id: 48Lr005WdNz4Bgv
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org; dkim=none;
 dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu
 (policy=none); 
 spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF
 policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu
X-Spamd-Result: default: False [-0.82 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]; 
 NEURAL_HAM_MEDIUM(-0.58)[-0.585,0]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[];
 TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 NEURAL_HAM_LONG(-0.96)[-0.957,0];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 IP_SCORE(0.12)[ip: (0.35), ipnet: 128.135.0.0/16(0.17), asn: 160(0.14),
 country: US(-0.05)]; 
 RCVD_IN_DNSWL_NONE(0.00)[70.20.135.128.list.dnswl.org : 127.0.10.0];
 R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US];
 FREEMAIL_CC(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2020 17:02:57 -0000



> On Feb 17, 2020, at 10:58 AM, =C3=96zg=C3=BCr Kazancci =
<ozgur@kazancci.com> wrote:
>=20
> Hello David,
>=20
> If you're sure you uncommented these lines,
> #VersionAddendum none
> #Banner none
>=20

As far as I know, uncommenting lines in sshd_config is unnecessary. =
These are put there as commented lines to indicate defaults which sshd =
was build with, so they are already in effect. That is why good practice =
is when changing something to keep commented line as it is, and add next =
to it yours not commented different setting.

Valeri

> and restarted the sshd, then there is no much else left -imho-. A =
complete removal of SSHD banner (if that's what you're trying to do) =
requires a manual edit of OpenSSH(d) files&complete complication of it =
from scratch.
>=20
> Best,
> =C3=96zg=C3=BCr.
>=20
>=20
>=20
>=20
> On 17/02/2020 19:53, David Mehler wrote:
>> Hello,
>> I'm running FreeBSD 12.0. I'm atempting to tighten up my sshd
>> configuration. I've got things where I want them, except for the
>> connecting banner. I'm using sshaudit.com to test things and this is
>> what it's saying for the banner setting:
>> Banner:SSH-2.0-OpenSSH_7.8 FreeBSD-20180909
>> I would rather this be set to nothing or at most very minimal. Google
>> and the sshd_config man page reveals the Banner and VersionAdendum
>> options. I've set both to none.
>> PrintMotd no
>> #PrintLastLog yes
>> #VersionAddendum none
>> #Banner none
>> Can anyone tell me how to get the results I am looking for?
>> Thanks.
>> Dave.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to =
"freebsd-questions-unsubscribe@freebsd.org"
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to =
"freebsd-questions-unsubscribe@freebsd.org"

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++