On 27/05/15 16:38, Colin Watson wrote:
>> An administrator capable of upgrading packages when needed (e.g. for
>> security updates) should have more reliable ways to learn the version of
>> openssh-server running on their system than a cleartext banner sent
>> across the network on port 22.
> The specific case that prompted the banner in the first place was that
> of a university trying to ensure that systems on its network were secure,
> where the central administration doesn't have direct access to upgrade
> packages nor any other such reliable way to determine package versions,
> but does have the ability to disconnect vulnerable systems if need be.
> Cheers,

So, putting it into other words...  The use case was actually to make it
easier for anyone without access to the system to detect vulnerable systems
by inspecting the DebianBanner version of the SSH servers, right?

Is this use case (announcing vulnerable machines via the SSH server
DebianBanner info to anyone without access rights to the machine)
something that Debian wants to keep supporting by default???? I'm astonished.
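What the thread is arguing about is a single field of the SSH identification string (RFC 4253, "SSH-protoversion-softwareversion SP comments"): Debian's DebianBanner option appends the package revision as the comment, so the revision becomes readable by anyone who can connect to port 22. The parser below is an added illustration, not code from this thread or from Debian's openssh packaging; the sample banners are constructed (the "6.7p1" software version is of the era, the "5+deb8u1" revision is an assumed example value) and it runs offline.

```python
import re

# Constructed sample identification strings in the RFC 4253 format
# "SSH-protoversion-softwareversion SP comments". The trailing
# "Debian-<revision>" comment is what Debian's DebianBanner option adds;
# with "DebianBanner no" only the upstream software version is sent.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1",    # DebianBanner yes (the default)
    "SSH-2.0-OpenSSH_6.7p1",                    # DebianBanner no
    "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1",  # a derivative using the same mechanism
    "SSH-2.0-OpenSSH_6.7p1 FreeBSD-20150104",   # a comment that is not a package revision
]

_BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comment>.*))?$")
_DISTRO_RE = re.compile(r"^(?P<distro>[A-Za-z]+)-(?P<rev>\S+)$")


def parse_banner(line):
    """Split one identification string into protocol version, software
    version and optional comment. Returns None for anything that is not a
    well-formed identification line."""
    m = _BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {
        "proto": m.group("proto"),
        "software": m.group("software"),
        "comment": m.group("comment"),  # None when the server sends no comment
    }


def distro_revision(line):
    """Return (distribution, package revision) disclosed by the comment
    field, or None when the server sends no comment or the comment does not
    look like a "<Distro>-<revision>" tag. This is exactly the information
    DebianBanner makes available to unauthenticated network peers."""
    info = parse_banner(line)
    if info is None or not info["comment"]:
        return None
    m = _DISTRO_RE.match(info["comment"])
    if not m:
        return None
    return m.group("distro"), m.group("rev")


def disclosure_report(banners):
    """For each banner, record what an unauthenticated peer learns:
    the upstream version always, the distro package revision only when
    the banner comment carries it."""
    report = []
    for b in banners:
        info = parse_banner(b)
        if info is None:
            report.append((b, "not an SSH identification string"))
            continue
        rev = distro_revision(b)
        if rev is None:
            report.append((b, "upstream version only: %s" % info["software"]))
        else:
            report.append((b, "upstream %s plus %s package revision %s" % (info["software"], rev[0], rev[1])))
    return report


if __name__ == "__main__":
    for banner, finding in disclosure_report(SAMPLE_BANNERS):
        print("%-42s -> %s" % (banner, finding))
```

Run on the constructed samples, the report shows that switching DebianBanner off removes only the package-revision comment; the upstream "OpenSSH_x.y" string is still sent, since the protocol requires a software version field.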
