Bug #23683

SSH banner reveals sensitive information

Added by Martin Herrman about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Nice to have
Assignee: Kris Moore
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

The ssh banner reveals the OS and version information that a possible attacker could use:

telnet <my-freenas-host-ip> 22
Trying <my-freenas-host-ip>...
Connected to <my-freenas-host-ip>.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.3-hpn14v5 FreeBSD-openssh-portable-7.3.p1_1,1

Possible relevant parts from the freebsd sshd man page:

Banner
    The contents of the specified file are sent to the remote user before authentication is allowed. If the argument is ``none'' then no banner is displayed. By default, no banner is displayed.
VersionAddendum
    Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is ``FreeBSD-20160310''. The value ``none'' may be used to disable

Associated revisions

Revision d0eab144 (diff)
Added by Kris Moore about 4 years ago

Disable the VersionAddendum by default in sshd_config Ticket: #23683

History

#1 Updated by Kris Moore about 4 years ago

  • Status changed from Unscreened to Needs Developer Review
  • Assignee changed from Alexander Motin to William Grzybowski
  • Priority changed from No priority to Nice to have
  • Target version set to 11.0

I've disabled the VersionAddendum now, which should make the banner appear as:

SSH-2.0-OpenSSH_7.3-hpn14v5
^^^ This part is required for SSH
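
The banner lines quoted in this ticket follow the RFC 4253 identification-string layout, SSH-protoversion-softwareversion followed by an optional space and comments field. As an added example (not part of the ticket or of the FreeNAS code), the Python check below splits a banner into those fields and reports whether the comments field, where the VersionAddendum text appears, is still being sent. The function names are hypothetical, and read_ident is intended for an sshd you administer.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The comments field is optional; sshd puts the VersionAddendum text there.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# The two banners quoted in the ticket: before and after the change.
BEFORE = "SSH-2.0-OpenSSH_7.3-hpn14v5 FreeBSD-openssh-portable-7.3.p1_1,1"
AFTER = "SSH-2.0-OpenSSH_7.3-hpn14v5"


def parse_ident(line):
    """Split an SSH identification string into its fields."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()


def audit_ident(line):
    """Return findings; an empty list means only the mandatory part is sent."""
    comments = parse_ident(line)["comments"]
    if comments:
        return ["comments field present (VersionAddendum): %s" % comments]
    return []


def read_ident(host, port=22, timeout=5.0):
    """Read the identification line from an sshd you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("r", encoding="utf-8", errors="replace") as f:
            # RFC 4253 lets a server send other lines before the "SSH-" line.
            for line in f:
                if line.startswith("SSH-"):
                    return line.rstrip("\r\n")
    raise ValueError("no SSH identification line received")


if __name__ == "__main__":
    for banner in (BEFORE, AFTER):
        print(banner, "->", audit_ident(banner) or "OK")
```
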

#2 Updated by William Grzybowski about 4 years ago

  • Status changed from Needs Developer Review to Reviewed
  • Assignee changed from William Grzybowski to Kris Moore

lgtm

#3 Updated by Kris Moore about 4 years ago

  • Status changed from Reviewed to Resolved

#4 Updated by Vaibhav Chauhan about 4 years ago

  • Target version changed from 11.0 to 11.0-RC
