summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
authorMatthew Vernon <matthew@debian.org>2014-02-09 16:10:05 +0000
committerColin Watson <cjwatson@debian.org>2020-10-18 12:07:21 +0100
commit707144d399b9fc959a4f6be3fd8e239c208c88ff (patch)
treea7fec98d251d4d7501b2e21c4f133760e6d47ad0 /kex.c
parentc8da63c601b5d44fd233548385809c9c3a2fa0b8 (diff)
Include the Debian version in our identification
This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: package-versioning.patch
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kex.c b/kex.c
index 751cfc710..ce7bb5b3b 100644
--- a/kex.c
+++ b/kex.c
@@ -1243,7 +1243,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
1243 if (version_addendum != NULL && *version_addendum == '\0') 1243 if (version_addendum != NULL && *version_addendum == '\0')
1244 version_addendum = NULL; 1244 version_addendum = NULL;
1245 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", 1245 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
1246 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, 1246 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
1247 version_addendum == NULL ? "" : " ", 1247 version_addendum == NULL ? "" : " ",
1248 version_addendum == NULL ? "" : version_addendum)) != 0) { 1248 version_addendum == NULL ? "" : version_addendum)) != 0) {
1249 oerrno = errno; 1249 oerrno = errno;