Attachment 866 Details for Bug 764 – SuppressVersionString = (yes/no)

[patch] SuppressVersionString = (yes/no)

openssh_3.91p1_suppress_version_string.patch (text/plain), 3.50 KB, created by Nathan Valentine on 2005-04-03 13:10:35 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Nathan Valentine

Created: 2005-04-03 13:10:35 AEST

Size: 3.50 KB

patch

obsolete

>Common subdirectories: openssh-3.9p1.orig/contrib and openssh-3.9p1/contrib
>Common subdirectories: openssh-3.9p1.orig/debian and openssh-3.9p1/debian
>Common subdirectories: openssh-3.9p1.orig/openbsd-compat and openssh-3.9p1/openbsd-compat
>Common subdirectories: openssh-3.9p1.orig/regress and openssh-3.9p1/regress
>Common subdirectories: openssh-3.9p1.orig/scard and openssh-3.9p1/scard
>diff -u openssh-3.9p1.orig/servconf.c openssh-3.9p1/servconf.c
>--- openssh-3.9p1.orig/servconf.c	2005-04-01 22:07:29.809307016 -0500
>+++ openssh-3.9p1/servconf.c	2005-04-02 21:16:25.867300512 -0500
>@@ -42,6 +42,7 @@
> 	options->use_pam = -1;
> 
> 	/* Standard Options */
>+	options->suppress_version_string = -1;
> 	options->num_ports = 0;
> 	options->ports_from_cmdline = 0;
> 	options->listen_addrs = NULL;
>@@ -129,6 +130,8 @@
> 			    _PATH_HOST_DSA_KEY_FILE;
> 		}
> 	}
>+	if (options->suppress_version_string == -1)
>+		options->suppress_version_string = 1;
> 	if (options->num_ports == 0)
> 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
> 	if (options->listen_addrs == NULL)
>@@ -272,7 +275,7 @@
> 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
> 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
> 	sUsePrivilegeSeparation,
>-	sDeprecated, sUnsupported
>+	sDeprecated, sUnsupported, sSuppressVersionString
> } ServerOpCodes;
> 
> /* Textual representation of the tokens. */
>@@ -372,6 +375,7 @@
> 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
> 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
> 	{ "acceptenv", sAcceptEnv },
>+	{ "suppressversionstring", sSuppressVersionString },
> 	{ NULL, sBadOption }
> };
> 
>@@ -726,6 +730,10 @@
> 		intptr = &options->use_dns;
> 		goto parse_flag;
> 
>+	case sSuppressVersionString:
>+		intptr = &options->suppress_version_string;
>+		goto parse_flag;
>+
> 	case sLogFacility:
> 		intptr = (int *) &options->log_facility;
> 		arg = strdelim(&cp);
>diff -u openssh-3.9p1.orig/servconf.h openssh-3.9p1/servconf.h
>--- openssh-3.9p1.orig/servconf.h	2005-04-01 22:07:29.834303216 -0500
>+++ openssh-3.9p1/servconf.h	2005-04-01 22:08:04.358054808 -0500
>@@ -133,6 +133,7 @@
> 	char   *authorized_keys_file;	/* File containing public keys */
> 	char   *authorized_keys_file2;
> 	int	use_pam;		/* Enable auth via PAM */
>+	int suppress_version_string;
> }       ServerOptions;
> 
> void	 initialize_server_options(ServerOptions *);
>diff -u openssh-3.9p1.orig/sshd.c openssh-3.9p1/sshd.c
>--- openssh-3.9p1.orig/sshd.c	2005-04-01 22:07:30.149255336 -0500
>+++ openssh-3.9p1/sshd.c	2005-04-02 21:37:17.231064304 -0500
>@@ -382,7 +382,14 @@
> 		major = PROTOCOL_MAJOR_1;
> 		minor = PROTOCOL_MINOR_1;
> 	}
>-	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
>+
>+	if (options.suppress_version_string) {
>+		snprintf(buf, sizeof buf, "SSH-%d.%d\n", major, minor);
>+	}
>+	else {
>+		snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
>+	}
>+	
> 	server_version_string = xstrdup(buf);
> 
> 	/* Send our protocol version identification. */
>diff -u openssh-3.9p1.orig/sshd_config.5 openssh-3.9p1/sshd_config.5
>--- openssh-3.9p1.orig/sshd_config.5	2005-04-01 22:07:29.920290144 -0500
>+++ openssh-3.9p1/sshd_config.5	2005-04-02 21:22:51.106735216 -0500
>@@ -587,6 +587,11 @@
> file transfer subsystem.
> By default no subsystems are defined.
> Note that this option applies to protocol version 2 only.
>+.It Cm SuppressVersionString
>+Turns off version string information to prevent fingerprinting via
>+banner grabs.
>+The default is
>+.Dq yes .
> .It Cm SyslogFacility
> Gives the facility code that is used when logging messages from
> .Nm sshd .

Actions: View | Diff

Attachments on bug 764: 523 | 524 | 866