Control: merge 774410 774411 On Fri, Jan 02, 2015 at 11:14:21AM +0100, Fedor Brunner wrote: > it should be possible to suppress the exact package version of > openssh that is reported during the initial protocol handshake > also for ssh client.
This sort of patch carries an ongoing maintenance burden (and not an entirely trivial one; patches to the configuration-reading code normally conflict and require manual resolution when upgrading to new upstream versions), so you're going to have to make the case for why it's important in practice to conceal the client version. While I'm not wholly convinced that concealing the server version is interesting or valuable, surely vulnerabilities in that direction are orders of magnitude more common. -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-ssh-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150102122305.gv3...@riva.ucam.org