Disable Debian Version in SSH (DebianBanner->no)
Closed, Resolved | Public | FEATURE REQUEST

Description

Hello Team,

Quite an easy fix --> a configuration change to not expose SSH details in Debian style.

https://manpages.debian.org/buster/openssh-server/sshd_config.5.en.html#DebianBanner
DebianBanner

Specifies whether the distribution-specified extra version suffix is included during initial protocol handshake. The default is yes.

Once enabled, default approach:
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Once disabled (not tested yet):
SSH-2.0-OpenSSH_7.9p1

It won't make it more secure, but it's better to hide something that does not need to be exposed.

Thanks,

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Security vulnerability
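
Added example, not part of the original task or of VyOS code: a check for the distribution suffix that `DebianBanner` controls, run over the two banners quoted in the description. It parses the identification string as laid out in RFC 4253 section 4.2; the function names are chosen for this example, and `read_ident` is meant for an sshd you administer.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The comments field is optional; with DebianBanner yes, Debian's sshd puts
# its package version there.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_ident(raw: bytes) -> dict:
    """Return the fields of the first SSH identification line found in raw."""
    # A server may send other text lines before its identification string,
    # so skip every line that does not match the "SSH-" layout.
    for line in raw.decode("ascii", errors="replace").splitlines():
        match = IDENT_RE.match(line.strip())
        if match:
            return match.groupdict()
    raise ValueError("no SSH identification string found")


def exposes_distribution(raw: bytes) -> bool:
    """True when the banner carries a comments field (the Debian suffix)."""
    return parse_ident(raw)["comments"] is not None


def read_ident(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the identification line from an sshd you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            for line in stream:
                if line.startswith(b"SSH-"):
                    return line
    raise ValueError("server closed the connection without an SSH banner")


if __name__ == "__main__":
    # The two banners quoted in the task description.
    samples = (
        b"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2\r\n",
        b"SSH-2.0-OpenSSH_7.9p1\r\n",
    )
    for sample in samples:
        print(parse_ident(sample), exposes_distribution(sample))
```

After setting `DebianBanner no` and restarting sshd, `exposes_distribution(read_ident(host))` should return `False`; the OpenSSH version itself remains in the `software` field.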