Date: Tue, 27 Mar 2001 00:55:03 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: Robert Watson <rwatson@FreeBSD.ORG>, Kris Kennaway <kris@obsecurity.org>, Nate Williams <nate@yogotech.com>, "Michael A. Dickerson" <mikey@singingtree.com>, "Duwde (Fabio V. Dias)" <duwde@duwde.com.br>, freebsd-security@FreeBSD.ORG
Subject: Re: SSHD revelaing too much information.
Message-ID: <20010327005503.J5425@rfx-216-196-73-168.users.reflex>
In-Reply-To: <p05010404b6e5bb325d3c@[128.113.24.47]>; from drosih@rpi.edu on Mon, Mar 26, 2001 at 10:49:20PM -0500
References: <Pine.NEB.3.96L.1010326205118.81313D-100000@fledge.watson.org> <p05010404b6e5bb325d3c@[128.113.24.47]>

On Mon, Mar 26, 2001 at 10:49:20PM -0500, Garance A Drosihn wrote:
[snip]
> One thing I was wondering is if the version information could be
> delayed until the user has successfully authenticated to some user
> on the destination host.

SSH needs to know the version before it can negotiate the
authentication. Read the draft. Passing the version number in
plaintext at the start of the connection is not feasible to work
around and does not really get you much.

This whole thread is about whether, for this version string,

  OpenSSH_2.3.0 green@FreeBSD.org 20010321

The 'green@FreeBSD.org 20010321' is too much information. The
'OpenSSH_2.3.0' part is required for the protocol.
--
Crist J. Clark                           cjclark@alum.mit.edu
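
An added example, not part of the original message or of OpenSSH: a small banner audit that splits an SSH identification line into the protocol-required software version and the optional comments field, following the format later published as RFC 4253, section 4.2. The function names are hypothetical, and the "SSH-2.0-" prefix on the sample line is an assumption; only the software version and comment text come from the message above.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
# protoversion and softwareversion are printable US-ASCII without
# whitespace or '-'; the comments field is optional.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[!-,.-~]+)-(?P<software>[!-,.-~]+)(?: (?P<comments>.*))?$"
)
MAX_IDENT_LEN = 255  # includes the trailing CR LF


def parse_ident(raw: bytes) -> dict:
    """Split one identification line into its protocol fields."""
    if len(raw) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    line = raw.decode("ascii", errors="strict").rstrip("\r\n")
    m = IDENT_RE.match(line)
    if m is None:
        raise ValueError("not an SSH identification string")
    return m.groupdict()


def audit_banner(stream: bytes) -> dict:
    """Find the identification line in what a server sent first and
    report which part is protocol-required and which is optional."""
    for raw in stream.splitlines(keepends=True):
        # A server may send other lines before the one starting "SSH-".
        if raw.startswith(b"SSH-"):
            fields = parse_ident(raw)
            fields["discloses_extra"] = bool(fields["comments"])
            return fields
    raise ValueError("no identification line found")


# Constructed sample: the software version and comment text are the string
# quoted in the message; the "SSH-2.0-" prefix is assumed for illustration.
SAMPLE = b"SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010321\r\n"

if __name__ == "__main__":
    print(audit_banner(SAMPLE))
```

Run against the first bytes a server sends, `discloses_extra` is true only when the optional comments field is populated, which is the part the thread calls too much information.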