| Summary: | /etc/issue.net special characters should be supported | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Florian Effenberger <floeff> |
| Component: | sshd | Assignee: | OpenSSH Bugzilla mailing list <openssh-bugs> |
| Status: | CLOSED WONTFIX | ||
| Severity: | enhancement | ||
| Priority: | P2 | ||
| Version: | 3.8p1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
|
Description
Florian Effenberger
2004-05-17 23:17:01 AEST
I don't think so - these are a Linuxism with would require addition of a bit of complexity. Besides, I don't think it is a good idea to advertise one's kernel version and machine architecture to a potential attacker. It would be very practical to show some important information to SSH users. /etc/issue.net can contain some other stuff than kernel information as well :) At least please provide an OpenSSH-unique format for displaying this information, e.g. with $kernelver, $architecture, etc. in the OpenSSH banner file. Regarding the disclosure of information to remote users: Please also have a look at bug 764 If you read bug #764, you will see that it is information disclosure that is required for compatibility. We would probably like to get rid of it one day, but not until the protocol is published as an RFC and not before we are willing to give up compatibility with pre-RFC versions. Back to this bug: I don't see any benefit in adding complexity to sshd to allow users to disclose more information. If you really want to make this information public, why not autogenerate issue.net at boot time? (OpenBSD does just this with /etc/motd) Also, keep in mind that Linux itself has three different "standard" getty applications - mingetty, mgetty and agetty. All three take different escape sequences for /etc/issue*. And all of the escape sequences contain info that's pretty easily gleaned from perl or another scripting language of choice to generate at boot or at intervals. Ok, acknowledged ;) |