Mark Devin <[EMAIL PROTECTED]> writes:

> On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote:
>> ServerTokens ProductOnly
>> ServerSignature Off
>>
> I was going to say exactly this earlier in the thread. I put this in my
> Apache config quite some time ago when I realised I could. There should
> be something similar in the sshd_config in my opinion.
>
> Of the information spat out from my ssh daemon:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> I believe that clients need only the "SSH-2.0" part.

Technically yes, but OpenSSH does use the OpenSSH part of the version string to enable some OpenSSH-specific things.

Also, if you're in an environment with a security team that has the power to shut off your port, the Debian part of the version string is very handy. It clues the security people into the fact that you're running a version of ssh with security patches backported and aren't vulnerable to the known exploits against OpenSSH 3.4 and the like.

Still, the Debian part of the version string should be user-customizable.

--
Ted Cabeen
Systems/Network Administrator
Impulse Internet Services
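
The banner fields discussed in this message, split out as an added example that is not part of the original post or of OpenSSH: it parses the identification string in the `SSH-protoversion-softwareversion SP comments` layout of RFC 4253 section 4.2 and shows why a scanner should treat a banner with a distribution comment differently from a bare upstream version. The `triage` function, its result labels and the `flagged` set are hypothetical names and constructed data.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# protoversion/softwareversion: printable ASCII without space or '-'.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[!-,.-~]+)-(?P<software>[!-,.-~]+)"
    r"(?: (?P<comments>[ -~]*))?$"
)

def parse_banner(line):
    """Split an SSH identification string into its fields."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    product, _, version = m.group("software").partition("_")
    return {
        "proto": m.group("proto"),
        "product": product,
        "version": version,                     # upstream version only
        "comments": m.group("comments") or "",  # e.g. distro package revision
    }

def triage(line, flagged_upstream):
    """Decide what the banner alone lets a scanner conclude.

    flagged_upstream is a constructed set of (product, version) pairs that a
    hypothetical scanner treats as vulnerable upstream releases.
    """
    b = parse_banner(line)
    if (b["product"], b["version"]) not in flagged_upstream:
        return "no-match"
    if b["comments"]:
        # Distro builds may carry backported fixes, so the upstream number is
        # not conclusive; the package revision has to be checked instead.
        return "verify-package:" + b["comments"]
    return "flag-upstream"

if __name__ == "__main__":
    flagged = {("OpenSSH", "3.4p1")}            # constructed sample data
    for banner in (
        "SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1\r\n",  # banner from the thread
        "SSH-2.0-OpenSSH_3.4p1\r\n",                   # constructed: no comment
    ):
        print(banner.strip(), "->", triage(banner, flagged))
```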