Date:      Tue, 27 Mar 2001 22:09:40 +0900
From:      Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: SSHD revealing too much information.
Message-ID:  <20010327220940N.matusita@jp.FreeBSD.org>
In-Reply-To: <20010327005503.J5425@rfx-216-196-73-168.users.reflex>
References:  <p05010404b6e5bb325d3c@[128.113.24.47]> <p05010404b6e5bb325d3c@[128.113.24.47]> <20010327005503.J5425@rfx-216-196-73-168.users.reflex>


Trim To: field...

cjclark> The 'green@FreeBSD.org 20010321' is too much information. The
cjclark> 'OpenSSH_2.3.0' part is required for the protocol.

What do you think about NetBSD? Their ssh implementation, based on
OpenSSH 2.5.2 but hacked by themselves, uses

	OpenSSH_2.5.2 NetBSD_Secure_Shell-20010319

as a version string. Maybe it's also too much information, since
NetBSD Secure Shell is (maybe) only available for NetBSD, and it uses a
timestamp (20010319). If in doubt, check:
<URL:http://www.freebsd.org/cgi/cvsweb.cgi/basesrc/crypto/dist/ssh/version.h?cvsroot=netbsd>

It is natural that the first word of the version string is for and only
for the OpenSSH implementation and/or the ssh protocol itself (I dunno
whether it's true or not), and the rest of the version string is for
identifying the OpenSSH variants (note that our ssh implementation is
*not* just a security-fixed OpenSSH 2.3.0, but has features which do
not exist in the original OpenSSH by OpenBSD).

-- -
Makoto `MAR' MATSUSHITA
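
Added example, not part of the original message and not OpenSSH, FreeBSD or NetBSD code: a Python check that splits a version string of the kind quoted in this thread into its first word and the remainder, and reports what kinds of detail the remainder discloses. The function name, the disclosure heuristics, and the handling of an optional `SSH-x.y-` wire prefix (the identification string format in RFC 4253, section 4.2) are assumptions of this example and go slightly beyond the two strings in the thread.

```python
import re

# Optional "SSH-protoversion-" prefix as sent on the wire (RFC 4253, section 4.2).
_WIRE_PREFIX = re.compile(r"^SSH-\d+\.\d+-")

# Hypothetical heuristics chosen for this example; extend for your own fleet.
_CHECKS = [
    ("email address", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("date stamp", re.compile(
        r"(?<!\d)(?:19|20)\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])(?!\d)")),
    ("operating system name", re.compile(
        r"(?:free|net|open)bsd|linux|debian|ubuntu", re.IGNORECASE)),
]


def audit_version_string(value):
    """Return the first word (software version), the remaining comment
    text, and the kinds of extra detail that comment text gives away."""
    value = _WIRE_PREFIX.sub("", value.strip())
    software, _, comments = value.partition(" ")
    discloses = [label for label, rx in _CHECKS if rx.search(comments)]
    return {"software": software, "comments": comments, "discloses": discloses}


# Constructed sample input: the two strings quoted in the thread plus a
# bare wire-format banner with no comment part.
SAMPLES = [
    "OpenSSH_2.3.0 green@FreeBSD.org 20010321",
    "OpenSSH_2.5.2 NetBSD_Secure_Shell-20010319",
    "SSH-2.0-OpenSSH_2.5.2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_version_string(sample)
        extra = ", ".join(result["discloses"]) or "nothing beyond the first word"
        print(f"{result['software']:<16} comments={result['comments']!r}: {extra}")
```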
