diff options
| author | Matthew Vernon <matthew@debian.org> | 2014-02-09 16:10:05 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2016-12-23 11:25:03 +0000 |
| commit | cdce59c8c54d6d19ca0aa86cb4a62f6df94c7245 (patch) | |
| tree | ede94e59e1fb7fd0254133e98e9b456cf4682faf | |
| parent | e39bf0e814394fb5a14094b651f3bf9ddec0a782 (diff) | |
Include the Debian version in our identification
This makes it easier to audit networks for versions patched against security
vulnerabilities. It has little detrimental effect, as attackers will
generally just try attacks rather than bothering to scan for
vulnerable-looking version strings. (However, see debian-banner.patch.)
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: package-versioning.patch
| -rw-r--r-- | sshconnect.c | 4 | ||||
| -rw-r--r-- | sshd.c | 2 | ||||
| -rw-r--r-- | version.h | 7 |
3 files changed, 9 insertions, 4 deletions
diff --git a/sshconnect.c b/sshconnect.c index 1cc556e86..c64c51bbb 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -526,10 +526,10 @@ send_client_banner(int connection_out, int minor1) | |||
| 526 | /* Send our own protocol version identification. */ | 526 | /* Send our own protocol version identification. */ |
| 527 | if (compat20) { | 527 | if (compat20) { |
| 528 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", | 528 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", |
| 529 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); | 529 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); |
| 530 | } else { | 530 | } else { |
| 531 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", | 531 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", |
| 532 | PROTOCOL_MAJOR_1, minor1, SSH_VERSION); | 532 | PROTOCOL_MAJOR_1, minor1, SSH_RELEASE); |
| 533 | } | 533 | } |
| 534 | if (atomicio(vwrite, connection_out, client_version_string, | 534 | if (atomicio(vwrite, connection_out, client_version_string, |
| 535 | strlen(client_version_string)) != strlen(client_version_string)) | 535 | strlen(client_version_string)) != strlen(client_version_string)) |
| @@ -378,7 +378,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) | |||
| 378 | char remote_version[256]; /* Must be at least as big as buf. */ | 378 | char remote_version[256]; /* Must be at least as big as buf. */ |
| 379 | 379 | ||
| 380 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | 380 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
| 381 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, | 381 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, |
| 382 | *options.version_addendum == '\0' ? "" : " ", | 382 | *options.version_addendum == '\0' ? "" : " ", |
| 383 | options.version_addendum, newline); | 383 | options.version_addendum, newline); |
| 384 | 384 | ||
| @@ -3,4 +3,9 @@ | |||
| 3 | #define SSH_VERSION "OpenSSH_7.4" | 3 | #define SSH_VERSION "OpenSSH_7.4" |
| 4 | 4 | ||
| 5 | #define SSH_PORTABLE "p1" | 5 | #define SSH_PORTABLE "p1" |
| 6 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE |
| 7 | #ifdef SSH_EXTRAVERSION | ||
| 8 | #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION | ||
| 9 | #else | ||
| 10 | #define SSH_RELEASE SSH_RELEASE_MINIMUM | ||
| 11 | #endif | ||