Subject: Re: HEADS UP: ssh configuration files renamed
To: Luke Mewburn <lukem@netbsd.org>
From: Bruno Saverio Delbono <bruno@lucifer.at>
List: current-users
Date: 04/30/2002 02:03:58
--lEGEL1/lMxI0MVQ2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Making, drinking tea and reading an opus magnum from Luke Mewburn:
> On Mon, Apr 29, 2002 at 01:06:17PM -0400, gabriel rosenkoetter
> wrote:
> > On Mon, Apr 29, 2002 at 06:28:27PM +1000, Luke Mewburn wrote:
> > > HEADS UP!
> > >=20
> > > The ssh(1) and sshd(8) configuration files have been renamed
> > > to be consistent with the OpenSSH defaults:
> >=20
> > Why? Did you discuss this change anywhere public?
> The decision to move to have consistent configuration filenames with
> what the third party vendor (OpenSSH) ships with was made a couple
> of weeks ago by at least two members of NetBSD core, after long
> discussion on various NetBSD forums.
[...]
While we are on the topic of ssh, why do we print out the version
string of the OS as banner when we connect? i.e.
On NetBSD -current:
[bruno@leviathan.lucifer.at]$telnet xxx.xxx.xxx.xxx 22
Trying 208.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx
Escape character is '^]'.
SSH-1.99-OpenSSH_3.2 NetBSD_Secure_Shell-20020422
I don't want people to know the OS/version only from the sshd banner?
Why you may ask...well recently there have been a string of exploits
(crc32 bug) which has been exploited with x2. Each day, I get around
50+ - 100+ probes for the sshd banner.=20
However on OpenBSD:
[bruno@leviathan.lucifer.at]$telnet mail.open-systems.org 22
Trying 24.84.17.242...
Connected to mail.open-systems.org.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.0.2
Is there a reason on why this should not be similar to OpenSSH -core?
Kind regards,
-Bruno
--=20
Excellent time to become a missing person.
--lEGEL1/lMxI0MVQ2
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE8zl3+ercGlynG6Y0RAkfeAJ99360ZFZa2oBkb0n1qO9Bb8HRQmACfTe1P
UwxGjgaaZWd0xad5EasHp48=
=82rF
-----END PGP SIGNATURE-----
--lEGEL1/lMxI0MVQ2--