diff options
-rw-r--r-- | servconf.c | 9 | ||||
-rw-r--r-- | servconf.h | 2 | ||||
-rw-r--r-- | sshd.c | 3 | ||||
-rw-r--r-- | sshd_config.5 | 5 |
4 files changed, 18 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 6caf1db38..c5dd617ef 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -182,6 +182,7 @@ initialize_server_options(ServerOptions *options) | |||
182 | options->fingerprint_hash = -1; | 182 | options->fingerprint_hash = -1; |
183 | options->disable_forwarding = -1; | 183 | options->disable_forwarding = -1; |
184 | options->expose_userauth_info = -1; | 184 | options->expose_userauth_info = -1; |
185 | options->debian_banner = -1; | ||
185 | } | 186 | } |
186 | 187 | ||
187 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | 188 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
@@ -417,6 +418,8 @@ fill_default_server_options(ServerOptions *options) | |||
417 | options->disable_forwarding = 0; | 418 | options->disable_forwarding = 0; |
418 | if (options->expose_userauth_info == -1) | 419 | if (options->expose_userauth_info == -1) |
419 | options->expose_userauth_info = 0; | 420 | options->expose_userauth_info = 0; |
421 | if (options->debian_banner == -1) | ||
422 | options->debian_banner = 1; | ||
420 | 423 | ||
421 | assemble_algorithms(options); | 424 | assemble_algorithms(options); |
422 | 425 | ||
@@ -504,6 +507,7 @@ typedef enum { | |||
504 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 507 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
505 | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, | 508 | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, |
506 | sExposeAuthInfo, sRDomain, | 509 | sExposeAuthInfo, sRDomain, |
510 | sDebianBanner, | ||
507 | sDeprecated, sIgnore, sUnsupported | 511 | sDeprecated, sIgnore, sUnsupported |
508 | } ServerOpCodes; | 512 | } ServerOpCodes; |
509 | 513 | ||
@@ -661,6 +665,7 @@ static struct { | |||
661 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, | 665 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, |
662 | { "rdomain", sRDomain, SSHCFG_ALL }, | 666 | { "rdomain", sRDomain, SSHCFG_ALL }, |
663 | { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, | 667 | { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, |
668 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
664 | { NULL, sBadOption, 0 } | 669 | { NULL, sBadOption, 0 } |
665 | }; | 670 | }; |
666 | 671 | ||
@@ -2173,6 +2178,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
2173 | *charptr = xstrdup(arg); | 2178 | *charptr = xstrdup(arg); |
2174 | break; | 2179 | break; |
2175 | 2180 | ||
2181 | case sDebianBanner: | ||
2182 | intptr = &options->debian_banner; | ||
2183 | goto parse_flag; | ||
2184 | |||
2176 | case sDeprecated: | 2185 | case sDeprecated: |
2177 | case sIgnore: | 2186 | case sIgnore: |
2178 | case sUnsupported: | 2187 | case sUnsupported: |
diff --git a/servconf.h b/servconf.h index 3b76da816..4e3c54042 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -212,6 +212,8 @@ typedef struct { | |||
212 | int fingerprint_hash; | 212 | int fingerprint_hash; |
213 | int expose_userauth_info; | 213 | int expose_userauth_info; |
214 | u_int64_t timing_secret; | 214 | u_int64_t timing_secret; |
215 | |||
216 | int debian_banner; | ||
215 | } ServerOptions; | 217 | } ServerOptions; |
216 | 218 | ||
217 | /* Information about the incoming connection as used by Match */ | 219 | /* Information about the incoming connection as used by Match */ |
@@ -384,7 +384,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) | |||
384 | char remote_version[256]; /* Must be at least as big as buf. */ | 384 | char remote_version[256]; /* Must be at least as big as buf. */ |
385 | 385 | ||
386 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", | 386 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", |
387 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, | 387 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, |
388 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, | ||
388 | *options.version_addendum == '\0' ? "" : " ", | 389 | *options.version_addendum == '\0' ? "" : " ", |
389 | options.version_addendum); | 390 | options.version_addendum); |
390 | 391 | ||
diff --git a/sshd_config.5 b/sshd_config.5 index e7e55dd71..37e6be38f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -543,6 +543,11 @@ or | |||
543 | .Cm no . | 543 | .Cm no . |
544 | The default is | 544 | The default is |
545 | .Cm yes . | 545 | .Cm yes . |
546 | .It Cm DebianBanner | ||
547 | Specifies whether the distribution-specified extra version suffix is | ||
548 | included during initial protocol handshake. | ||
549 | The default is | ||
550 | .Cm yes . | ||
546 | .It Cm DenyGroups | 551 | .It Cm DenyGroups |
547 | This keyword can be followed by a list of group name patterns, separated | 552 | This keyword can be followed by a list of group name patterns, separated |
548 | by spaces. | 553 | by spaces. |