diff options
| author | Kees Cook <kees@debian.org> | 2014-02-09 16:10:06 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2015-09-17 13:52:40 +0100 |
| commit | 79b8c11f2b7a8258dee45e8f10ee58d0f4e48340 (patch) | |
| tree | 4b8d26b00917eee2ea167468f0075fa0df2ab730 /servconf.c | |
| parent | 6de10ec1ff53c5b52621244b66cae91df3901fa2 (diff) | |
Add DebianBanner server configuration option
Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.
Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
Last-Update: 2015-08-19
Patch-Name: debian-banner.patch
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/servconf.c b/servconf.c index 8a5bd7b3e..fe3e31157 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -169,6 +169,7 @@ initialize_server_options(ServerOptions *options) | |||
| 169 | options->ip_qos_bulk = -1; | 169 | options->ip_qos_bulk = -1; |
| 170 | options->version_addendum = NULL; | 170 | options->version_addendum = NULL; |
| 171 | options->fingerprint_hash = -1; | 171 | options->fingerprint_hash = -1; |
| 172 | options->debian_banner = -1; | ||
| 172 | } | 173 | } |
| 173 | 174 | ||
| 174 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | 175 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
| @@ -347,6 +348,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 347 | options->fwd_opts.streamlocal_bind_unlink = 0; | 348 | options->fwd_opts.streamlocal_bind_unlink = 0; |
| 348 | if (options->fingerprint_hash == -1) | 349 | if (options->fingerprint_hash == -1) |
| 349 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | 350 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| 351 | if (options->debian_banner == -1) | ||
| 352 | options->debian_banner = 1; | ||
| 350 | /* Turn privilege separation on by default */ | 353 | /* Turn privilege separation on by default */ |
| 351 | if (use_privsep == -1) | 354 | if (use_privsep == -1) |
| 352 | use_privsep = PRIVSEP_NOSANDBOX; | 355 | use_privsep = PRIVSEP_NOSANDBOX; |
| @@ -419,6 +422,7 @@ typedef enum { | |||
| 419 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 422 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
| 420 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 423 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
| 421 | sAllowStreamLocalForwarding, sFingerprintHash, | 424 | sAllowStreamLocalForwarding, sFingerprintHash, |
| 425 | sDebianBanner, | ||
| 422 | sDeprecated, sUnsupported | 426 | sDeprecated, sUnsupported |
| 423 | } ServerOpCodes; | 427 | } ServerOpCodes; |
| 424 | 428 | ||
| @@ -565,6 +569,7 @@ static struct { | |||
| 565 | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, | 569 | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, |
| 566 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, | 570 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, |
| 567 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | 571 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, |
| 572 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
| 568 | { NULL, sBadOption, 0 } | 573 | { NULL, sBadOption, 0 } |
| 569 | }; | 574 | }; |
| 570 | 575 | ||
| @@ -1850,6 +1855,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1850 | options->fingerprint_hash = value; | 1855 | options->fingerprint_hash = value; |
| 1851 | break; | 1856 | break; |
| 1852 | 1857 | ||
| 1858 | case sDebianBanner: | ||
| 1859 | intptr = &options->debian_banner; | ||
| 1860 | goto parse_int; | ||
| 1861 | |||
| 1853 | case sDeprecated: | 1862 | case sDeprecated: |
| 1854 | logit("%s line %d: Deprecated option %s", | 1863 | logit("%s line %d: Deprecated option %s", |
| 1855 | filename, linenum, arg); | 1864 | filename, linenum, arg); |