diff options
| -rw-r--r-- | servconf.c | 9 | ||||
| -rw-r--r-- | servconf.h | 2 | ||||
| -rw-r--r-- | sshd.c | 3 | ||||
| -rw-r--r-- | sshd_config.5 | 5 |
4 files changed, 18 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index b3a2841fb..bec53e00e 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -166,6 +166,7 @@ initialize_server_options(ServerOptions *options) | |||
| 166 | options->ip_qos_bulk = -1; | 166 | options->ip_qos_bulk = -1; |
| 167 | options->version_addendum = NULL; | 167 | options->version_addendum = NULL; |
| 168 | options->fingerprint_hash = -1; | 168 | options->fingerprint_hash = -1; |
| 169 | options->debian_banner = -1; | ||
| 169 | } | 170 | } |
| 170 | 171 | ||
| 171 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | 172 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
| @@ -342,6 +343,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 342 | options->fwd_opts.streamlocal_bind_unlink = 0; | 343 | options->fwd_opts.streamlocal_bind_unlink = 0; |
| 343 | if (options->fingerprint_hash == -1) | 344 | if (options->fingerprint_hash == -1) |
| 344 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | 345 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| 346 | if (options->debian_banner == -1) | ||
| 347 | options->debian_banner = 1; | ||
| 345 | /* Turn privilege separation on by default */ | 348 | /* Turn privilege separation on by default */ |
| 346 | if (use_privsep == -1) | 349 | if (use_privsep == -1) |
| 347 | use_privsep = PRIVSEP_NOSANDBOX; | 350 | use_privsep = PRIVSEP_NOSANDBOX; |
| @@ -412,6 +415,7 @@ typedef enum { | |||
| 412 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 415 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
| 413 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 416 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
| 414 | sAllowStreamLocalForwarding, sFingerprintHash, | 417 | sAllowStreamLocalForwarding, sFingerprintHash, |
| 418 | sDebianBanner, | ||
| 415 | sDeprecated, sUnsupported | 419 | sDeprecated, sUnsupported |
| 416 | } ServerOpCodes; | 420 | } ServerOpCodes; |
| 417 | 421 | ||
| @@ -556,6 +560,7 @@ static struct { | |||
| 556 | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, | 560 | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, |
| 557 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, | 561 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, |
| 558 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | 562 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, |
| 563 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
| 559 | { NULL, sBadOption, 0 } | 564 | { NULL, sBadOption, 0 } |
| 560 | }; | 565 | }; |
| 561 | 566 | ||
| @@ -1777,6 +1782,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1777 | options->fingerprint_hash = value; | 1782 | options->fingerprint_hash = value; |
| 1778 | break; | 1783 | break; |
| 1779 | 1784 | ||
| 1785 | case sDebianBanner: | ||
| 1786 | intptr = &options->debian_banner; | ||
| 1787 | goto parse_int; | ||
| 1788 | |||
| 1780 | case sDeprecated: | 1789 | case sDeprecated: |
| 1781 | logit("%s line %d: Deprecated option %s", | 1790 | logit("%s line %d: Deprecated option %s", |
| 1782 | filename, linenum, arg); | 1791 | filename, linenum, arg); |
diff --git a/servconf.h b/servconf.h index d2ed4d78b..ed0f17167 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -192,6 +192,8 @@ typedef struct { | |||
| 192 | char *auth_methods[MAX_AUTH_METHODS]; | 192 | char *auth_methods[MAX_AUTH_METHODS]; |
| 193 | 193 | ||
| 194 | int fingerprint_hash; | 194 | int fingerprint_hash; |
| 195 | |||
| 196 | int debian_banner; | ||
| 195 | } ServerOptions; | 197 | } ServerOptions; |
| 196 | 198 | ||
| 197 | /* Information about the incoming connection as used by Match */ | 199 | /* Information about the incoming connection as used by Match */ |
| @@ -442,7 +442,8 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
| 442 | } | 442 | } |
| 443 | 443 | ||
| 444 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | 444 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
| 445 | major, minor, SSH_RELEASE, | 445 | major, minor, |
| 446 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, | ||
| 446 | *options.version_addendum == '\0' ? "" : " ", | 447 | *options.version_addendum == '\0' ? "" : " ", |
| 447 | options.version_addendum, newline); | 448 | options.version_addendum, newline); |
| 448 | 449 | ||
diff --git a/sshd_config.5 b/sshd_config.5 index d14576e69..ec58635d9 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -476,6 +476,11 @@ or | |||
| 476 | .Dq no . | 476 | .Dq no . |
| 477 | The default is | 477 | The default is |
| 478 | .Dq delayed . | 478 | .Dq delayed . |
| 479 | .It Cm DebianBanner | ||
| 480 | Specifies whether the distribution-specified extra version suffix is | ||
| 481 | included during initial protocol handshake. | ||
| 482 | The default is | ||
| 483 | .Dq yes . | ||
| 479 | .It Cm DenyGroups | 484 | .It Cm DenyGroups |
| 480 | This keyword can be followed by a list of group name patterns, separated | 485 | This keyword can be followed by a list of group name patterns, separated |
| 481 | by spaces. | 486 | by spaces. |