Attachment #866 for bug #764

Lines 42-47 Link Here

(-)openssh-3.9p1.orig/servconf.c (-1 / +9 lines)
42	options->use_pam = -1;	42	options->use_pam = -1;
43		43
44	/* Standard Options */	44	/* Standard Options */
		45	options->suppress_version_string = -1;
45	options->num_ports = 0;	46	options->num_ports = 0;
46	options->ports_from_cmdline = 0;	47	options->ports_from_cmdline = 0;
47	options->listen_addrs = NULL;	48	options->listen_addrs = NULL;
Lines 129-134 Link Here
129	_PATH_HOST_DSA_KEY_FILE;	130	_PATH_HOST_DSA_KEY_FILE;
130	}	131	}
131	}	132	}
		133	if (options->suppress_version_string == -1)
		134	options->suppress_version_string = 1;
132	if (options->num_ports == 0)	135	if (options->num_ports == 0)
133	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;	136	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
134	if (options->listen_addrs == NULL)	137	if (options->listen_addrs == NULL)
Lines 272-278 Link Here
272	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,	275	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
273	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,	276	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
274	sUsePrivilegeSeparation,	277	sUsePrivilegeSeparation,
275	sDeprecated, sUnsupported	278	sDeprecated, sUnsupported, sSuppressVersionString
276	} ServerOpCodes;	279	} ServerOpCodes;
277		280
278	/* Textual representation of the tokens. */	281	/* Textual representation of the tokens. */
Lines 372-377 Link Here
372	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },	375	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
373	{ "useprivilegeseparation", sUsePrivilegeSeparation},	376	{ "useprivilegeseparation", sUsePrivilegeSeparation},
374	{ "acceptenv", sAcceptEnv },	377	{ "acceptenv", sAcceptEnv },
		378	{ "suppressversionstring", sSuppressVersionString },
375	{ NULL, sBadOption }	379	{ NULL, sBadOption }
376	};	380	};
377		381
Lines 726-731 Link Here
726	intptr = &options->use_dns;	730	intptr = &options->use_dns;
727	goto parse_flag;	731	goto parse_flag;
728		732
		733	case sSuppressVersionString:
		734	intptr = &options->suppress_version_string;
		735	goto parse_flag;
		736
729	case sLogFacility:	737	case sLogFacility:
730	intptr = (int *) &options->log_facility;	738	intptr = (int *) &options->log_facility;
731	arg = strdelim(&cp);	739	arg = strdelim(&cp);

Lines 133-138 Link Here

(-)openssh-3.9p1.orig/servconf.h (+1 lines)
133	char authorized_keys_file; / File containing public keys */	133	char authorized_keys_file; / File containing public keys */
134	char *authorized_keys_file2;	134	char *authorized_keys_file2;
135	int use_pam; /* Enable auth via PAM */	135	int use_pam; /* Enable auth via PAM */
		136	int suppress_version_string;
136	} ServerOptions;	137	} ServerOptions;
137		138
138	void initialize_server_options(ServerOptions *);	139	void initialize_server_options(ServerOptions *);

Lines 382-388 Link Here

(-)openssh-3.9p1.orig/sshd.c (-1 / +8 lines)
382	major = PROTOCOL_MAJOR_1;	382	major = PROTOCOL_MAJOR_1;
383	minor = PROTOCOL_MINOR_1;	383	minor = PROTOCOL_MINOR_1;
384	}	384	}
385	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);	385
		386	if (options.suppress_version_string) {
		387	snprintf(buf, sizeof buf, "SSH-%d.%d\n", major, minor);
		388	}
		389	else {
		390	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
		391	}
		392
386	server_version_string = xstrdup(buf);	393	server_version_string = xstrdup(buf);
387		394
388	/* Send our protocol version identification. */	395	/* Send our protocol version identification. */

Lines 587-592 Link Here

(-)openssh-3.9p1.orig/sshd_config.5 (+5 lines)
587	file transfer subsystem.	587	file transfer subsystem.
588	By default no subsystems are defined.	588	By default no subsystems are defined.
589	Note that this option applies to protocol version 2 only.	589	Note that this option applies to protocol version 2 only.
		590	.It Cm SuppressVersionString
		591	Turns off version string information to prevent fingerprinting via
		592	banner grabs.
		593	The default is
		594	.Dq yes .
590	.It Cm SyslogFacility	595	.It Cm SyslogFacility
591	Gives the facility code that is used when logging messages from	596	Gives the facility code that is used when logging messages from
592	.Nm sshd .	597	.Nm sshd .

Return to bug 764