on Thu, Apr 18, 2002 at 02:15:09AM +0000, Gene ENonymous wrote:
> It clearly sees my services. What concerns me a little is that
> ssh reports: SSH-1.99-OpenSSH_2.5.1 NetBSD_Secure_Shell-20010614
> and ftp reports:20- 220 xxx.client.insightBB.com FTP server (NetBSD-ftpd 20010329) ready.

ftpd has a -V option, which can supress the version.
eg: /usr/libexec/ftpd -V - -ll

> Which clearly indicates the version of service running. While I don't think
> These services have known vulnerabilities, wouldn't it be better if
> they were a bit more discreet with their introductions?

OpenSSH 2.5.1 does. See http://www.netbsd.org/Security/

> I poked around a bit in the man pages, but didn't see where to change
> these messages (and I don't know if connecting clients need this
> info).

Connecting ftp clients don't. ssh2 says the identification string
must be in the form "SSH-protoversion-softwareversion comments"