Re: Turning off sshd version display when someone telnets to port.
Emperor of Florida wrote:
[ ...concealing the purpose of a port... ]
> Currently when you telnet to it you will see:
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.6.1p1 YbrickRd

As Jeremy said, SSH depends on exchanging the version of the protocols it is using in order for both sides to figure out what types of cryptography they can use.

You have already improved the security of your installation significantly, and to the point where any gains beyond this are going to require heroic measures. You might consider setting up IPsec, or blocking inbound SSH connections from all but a few IP addresses, or changing SSH to use OPIE rather than reusable passwords.

--
-Chuck

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Turning off sshd version display when someone telnets to port.
Emperor of Florida wrote:
| Okay,
|
| On my router I run sshd just in case I need to connect to my computers
| when I am away from home (this computer basically does NAT and firewalls
| everything behind it). I moved sshd to a different port than the
| standard 22 just so most port scanners won't run across it -- unless
| they are scanning every single port. In the case that someone scans
| every port and sees this one open... I figure they might telnet to it to
| see what it might be.
|
| Currently when you telnet to it you will see:
| Escape character is '^]'.
| SSH-1.99-OpenSSH_3.6.1p1 YbrickRd
|
| I was able to get the OS type off (which is why it reads YbrickRd) but I
| would prefer that nothing at all shows up. Or, at the very least, that I
| can change the message so it won't announce that it is ssh with its
| version. I know there must be a way to do this but I can't seem to find
| it in the config file or the man pages. When I searched on the web I
| didn't find anything either.
|
| Does anyone have a clue on how to make sshd shut up?
|
| Kevin
| --
| The moon is a planet just like the Earth, only it is even deader.

Shut it down, that's the only way.

The announcement of version is required by the protocol, that's why it's doing it. Both sides, the client and server, identify their communication version.

--
Jeremy Faulkner
http://www.gldis.ca
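As an added illustration (not part of any message in this thread), the Python sketch below parses the identification line the replies refer to, using the "SSH-protoversion-softwareversion SP comments" layout from RFC 4253 section 4.2. It shows which fields an administrator auditing their own banner can drop (the comments) and which the protocol requires; the function name `parse_ident` and the returned keys are hypothetical.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or the minus sign.
_IDENT = re.compile(
    r"^SSH-(?P<proto>[^\s-]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>.*))?$"
)


def parse_ident(raw: bytes) -> dict:
    """Return the fields of the first SSH identification line in `raw`."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other text lines before its identification
        if len(line) + 2 > 255:  # the limit includes the trailing CR LF
            raise ValueError("identification string exceeds 255 bytes")
        m = _IDENT.match(line.decode("ascii"))
        if m is None:
            raise ValueError("malformed identification string")
        proto = m.group("proto")
        return {
            "proto": proto,                     # mandatory
            "software": m.group("software"),    # mandatory
            "comments": m.group("comments"),    # optional, None when absent
            # "1.99" means the server speaks 2.0 and also the older 1.x protocol
            "accepts_ssh1": proto.startswith("1."),
        }
    raise ValueError("no identification string found")


if __name__ == "__main__":
    # The banner quoted in the thread, with the line ending the protocol uses.
    banner = b"SSH-1.99-OpenSSH_3.6.1p1 YbrickRd\r\n"
    for field, value in parse_ident(banner).items():
        print(f"{field}: {value}")
```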
Turning off sshd version display when someone telnets to port.
Okay,

On my router I run sshd just in case I need to connect to my computers when I am away from home (this computer basically does NAT and firewalls everything behind it). I moved sshd to a different port than the standard 22 just so most port scanners won't run across it -- unless they are scanning every single port. In the case that someone scans every port and sees this one open... I figure they might telnet to it to see what it might be.

Currently when you telnet to it you will see:
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1 YbrickRd

I was able to get the OS type off (which is why it reads YbrickRd) but I would prefer that nothing at all shows up. Or, at the very least, that I can change the message so it won't announce that it is ssh with its version. I know there must be a way to do this but I can't seem to find it in the config file or the man pages. When I searched on the web I didn't find anything either.

Does anyone have a clue on how to make sshd shut up?

Kevin
--
The moon is a planet just like the Earth, only it is even deader.