Created attachment 3244: OpenSSH version captured from wireshark

The cyber security team has recommended disabling the OpenSSH software version advertising when the connection has been established.

RFC 4253 says: the software version part is commonly used for interoperability, and it is also not a good idea to remove it.

OpenSSH software version advertising is part of the compiled code and does not have configuration options to alter or suppress it. You have to modify the below code and recompile the software.

src/ssh/version.h -- #define SSH_VERSION "OpenSSH_7.6" ++ #define SSH_VERSION " " // length should be > 0

It will be good if you provide that option in the sshd configuration file.

Thanks & Regards,
Nagesh
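Review bot: the `++ #define SSH_VERSION " "` line in src/ssh/version.h sets the software version to a single space, which does not satisfy RFC 4253 section 4.2: softwareversion must be printable US-ASCII with no whitespace and no minus sign, and a space is also the separator before the optional comments field, so a peer parsing the identification string sees an empty softwareversion. The comment "length should be > 0" checks only the C string length, not the wire format. Since the report itself says the field is used for interoperability, suggest leaving the define unchanged, or at least recording which peers were tested against the altered string.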
Sorry, but there is zero chance we will offer this as an option. The version number is used for a number of compatibility tweaks and bug workarounds, so removing it would greatly hinder our ability to interoperate and improve the protocol over time. I'd also say that your security advice is bad: hiding the version number doesn't prevent an attacker from attempting exploits and doesn't even prevent the attacker from learning the version of software in use (protocol fingerprinting).
close bugs that were resolved in OpenSSH 8.5 release cycle
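The identification string this thread is about, parsed and checked against RFC 4253 section 4.2, as an added example that is not part of the original bug report or OpenSSH's own code. The function names and sample banners are constructed, and the last banner assumes a build with the blank `SSH_VERSION` sends the usual `SSH-2.0-` prefix followed by that space.

```python
import re
from typing import Optional

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# protoversion and softwareversion are printable US-ASCII (0x21-0x7e here),
# with whitespace and the minus sign (0x2d) excluded.
_TOKEN = re.compile(rb"[\x21-\x2c\x2e-\x7e]+")
MAX_LEN = 255  # maximum length of the line, including CR LF


def parse_ssh_ident(line: bytes) -> dict:
    """Strictly parse one identification line; raise ValueError if malformed."""
    if len(line) > MAX_LEN:
        raise ValueError("identification string longer than 255 bytes")
    if not line.endswith(b"\r\n"):
        raise ValueError("missing CR LF terminator")
    body = line[:-2]
    if not body.startswith(b"SSH-"):
        raise ValueError("does not start with 'SSH-'")
    proto, sep, rest = body[4:].partition(b"-")
    if not sep or not _TOKEN.fullmatch(proto):
        raise ValueError("bad protoversion")
    # Comments are optional; the first space ends softwareversion.
    software, _, comments = rest.partition(b" ")
    if not _TOKEN.fullmatch(software):
        raise ValueError("softwareversion empty or has forbidden characters")
    return {
        "proto": proto.decode("ascii"),
        "software": software.decode("ascii"),
        "comments": comments.decode("ascii", "replace"),
    }


def ident_error(line: bytes) -> Optional[str]:
    """Return None for a conforming line, else the reason it was rejected."""
    try:
        parse_ssh_ident(line)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    samples = [  # constructed sample banners
        b"SSH-2.0-OpenSSH_7.6\r\n",
        b"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n",
        b"SSH-2.0- \r\n",  # assumed banner of a build with SSH_VERSION " "
    ]
    for s in samples:
        print(s, "->", ident_error(s) or parse_ssh_ident(s))
```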