summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
authorMatthew Vernon <matthew@debian.org>2014-02-09 16:10:05 +0000
committerColin Watson <cjwatson@debian.org>2019-06-05 13:11:52 +0100
commit85e700a732e9a308eeee67f5a284e19fd6befbb8 (patch)
tree636703f316687b6657870e21984048489ffe0854 /kex.c
parent15b7cc25dea4efdef7fdd129d0e3d1a091afd67b (diff)
Include the Debian version in our identification
This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: package-versioning.patch
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kex.c b/kex.c
index a2a4794e8..be354206d 100644
--- a/kex.c
+++ b/kex.c
@@ -1186,7 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
1186 if (version_addendum != NULL && *version_addendum == '\0') 1186 if (version_addendum != NULL && *version_addendum == '\0')
1187 version_addendum = NULL; 1187 version_addendum = NULL;
1188 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", 1188 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
1189 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, 1189 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
1190 version_addendum == NULL ? "" : " ", 1190 version_addendum == NULL ? "" : " ",
1191 version_addendum == NULL ? "" : version_addendum)) != 0) { 1191 version_addendum == NULL ? "" : version_addendum)) != 0) {
1192 error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); 1192 error("%s: sshbuf_putf: %s", __func__, ssh_err(r));