Bug 1019

Summary: Exact version should not be disclosed to hinder attacks
Product: Portable OpenSSH
Reporter: Jean-Marc Gillet <jeanmarc.gillet>
Component: sshd
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED DUPLICATE
Severity: minor
Priority: P2
Version: 4.0p1
Hardware: All
OS: All

Description Jean-Marc Gillet 2005-04-20 18:05:16 AEST
At first connection to port 22, the server sends its ID string with the version
number. I think that this should be configurable (e.g. a fake version number) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace their old insecure version of the ssh server with a
new one.
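Added example, not part of the bug report or of OpenSSH: a parser for the identification line described above (format from RFC 4253 section 4.2) that an administrator could run over banners collected from their own hosts to find servers below a patch baseline. The host names, banners and baseline are constructed for illustration; a banner that carries no recognisable version yields `None`, meaning the version has to come from the package database instead.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")
# OpenSSH softwareversion, e.g. "OpenSSH_4.0" or "OpenSSH_4.4p1" (portable)
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p\d+)?")

def parse_ident(line):
    """Split one identification line into (protoversion, software, comments)."""
    line = line.rstrip("\r\n")
    if len(line) > 253:  # RFC limit is 255 characters including CR LF
        raise ValueError("identification string too long")
    m = IDENT_RE.match(line)
    if not m:
        raise ValueError("not an SSH identification string")
    return m.group(1), m.group(2), m.group(3)

def openssh_version(software):
    """Return (major, minor, patch) for an OpenSSH softwareversion, else None."""
    m = OPENSSH_RE.match(software)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def needs_upgrade(banners, baseline):
    """Map host -> True / False / None (None: version not in the banner)."""
    result = {}
    for host, banner in banners.items():
        try:
            _, software, _ = parse_ident(banner)
        except ValueError:
            result[host] = None
            continue
        ver = openssh_version(software)
        result[host] = None if ver is None else ver < baseline
    return result

# Constructed sample banners (hypothetical hosts, not captured from real servers)
SAMPLE = {
    "host-a": "SSH-2.0-OpenSSH_4.0\r\n",
    "host-b": "SSH-2.0-OpenSSH_4.4p1 vendor-build\r\n",
    "host-c": "SSH-2.0-Hidden\r\n",
    "host-d": "SSH-1.99-OpenSSH_3.9p1\r\n",
}
BASELINE = (4, 4, 0)  # assumed minimum version, chosen only for illustration

if __name__ == "__main__":
    labels = {True: "upgrade", False: "ok", None: "unknown, check package DB"}
    for host, flag in needs_upgrade(SAMPLE, BASELINE).items():
        print(host, labels[flag])
```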
Comment 1 Darren Tucker 2005-04-20 18:56:11 AEST
This has been done to death several times before, please see bug #764.

*** This bug has been marked as a duplicate of 764 ***
Comment 2 Darren Tucker 2006-10-07 11:39:44 AEST
Change all RESOLVED bugs to CLOSED with the exception of the ones fixed post-4.4.