diff options
| -rw-r--r-- | servconf.c | 9 | ||||
| -rw-r--r-- | servconf.h | 2 | ||||
| -rw-r--r-- | sshd.c | 3 | ||||
| -rw-r--r-- | sshd_config.5 | 5 |
4 files changed, 18 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 9155a8b70..a2928ff57 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options) | |||
| 157 | options->ip_qos_interactive = -1; | 157 | options->ip_qos_interactive = -1; |
| 158 | options->ip_qos_bulk = -1; | 158 | options->ip_qos_bulk = -1; |
| 159 | options->version_addendum = NULL; | 159 | options->version_addendum = NULL; |
| 160 | options->debian_banner = -1; | ||
| 160 | } | 161 | } |
| 161 | 162 | ||
| 162 | void | 163 | void |
| @@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 310 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | 311 | options->ip_qos_bulk = IPTOS_THROUGHPUT; |
| 311 | if (options->version_addendum == NULL) | 312 | if (options->version_addendum == NULL) |
| 312 | options->version_addendum = xstrdup(""); | 313 | options->version_addendum = xstrdup(""); |
| 314 | if (options->debian_banner == -1) | ||
| 315 | options->debian_banner = 1; | ||
| 313 | /* Turn privilege separation on by default */ | 316 | /* Turn privilege separation on by default */ |
| 314 | if (use_privsep == -1) | 317 | if (use_privsep == -1) |
| 315 | use_privsep = PRIVSEP_NOSANDBOX; | 318 | use_privsep = PRIVSEP_NOSANDBOX; |
| @@ -360,6 +363,7 @@ typedef enum { | |||
| 360 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 363 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
| 361 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 364 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
| 362 | sAuthenticationMethods, sHostKeyAgent, | 365 | sAuthenticationMethods, sHostKeyAgent, |
| 366 | sDebianBanner, | ||
| 363 | sDeprecated, sUnsupported | 367 | sDeprecated, sUnsupported |
| 364 | } ServerOpCodes; | 368 | } ServerOpCodes; |
| 365 | 369 | ||
| @@ -501,6 +505,7 @@ static struct { | |||
| 501 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, | 505 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
| 502 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 506 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
| 503 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | 507 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
| 508 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
| 504 | { NULL, sBadOption, 0 } | 509 | { NULL, sBadOption, 0 } |
| 505 | }; | 510 | }; |
| 506 | 511 | ||
| @@ -1648,6 +1653,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1648 | } | 1653 | } |
| 1649 | return 0; | 1654 | return 0; |
| 1650 | 1655 | ||
| 1656 | case sDebianBanner: | ||
| 1657 | intptr = &options->debian_banner; | ||
| 1658 | goto parse_int; | ||
| 1659 | |||
| 1651 | case sDeprecated: | 1660 | case sDeprecated: |
| 1652 | logit("%s line %d: Deprecated option %s", | 1661 | logit("%s line %d: Deprecated option %s", |
| 1653 | filename, linenum, arg); | 1662 | filename, linenum, arg); |
diff --git a/servconf.h b/servconf.h index f655c5bf7..fd72ce2a3 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -188,6 +188,8 @@ typedef struct { | |||
| 188 | 188 | ||
| 189 | u_int num_auth_methods; | 189 | u_int num_auth_methods; |
| 190 | char *auth_methods[MAX_AUTH_METHODS]; | 190 | char *auth_methods[MAX_AUTH_METHODS]; |
| 191 | |||
| 192 | int debian_banner; | ||
| 191 | } ServerOptions; | 193 | } ServerOptions; |
| 192 | 194 | ||
| 193 | /* Information about the incoming connection as used by Match */ | 195 | /* Information about the incoming connection as used by Match */ |
| @@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
| 440 | } | 440 | } |
| 441 | 441 | ||
| 442 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | 442 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
| 443 | major, minor, SSH_RELEASE, | 443 | major, minor, |
| 444 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, | ||
| 444 | *options.version_addendum == '\0' ? "" : " ", | 445 | *options.version_addendum == '\0' ? "" : " ", |
| 445 | options.version_addendum, newline); | 446 | options.version_addendum, newline); |
| 446 | 447 | ||
diff --git a/sshd_config.5 b/sshd_config.5 index 510cc7cb2..eaf8d01a2 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -404,6 +404,11 @@ or | |||
| 404 | .Dq no . | 404 | .Dq no . |
| 405 | The default is | 405 | The default is |
| 406 | .Dq delayed . | 406 | .Dq delayed . |
| 407 | .It Cm DebianBanner | ||
| 408 | Specifies whether the distribution-specified extra version suffix is | ||
| 409 | included during initial protocol handshake. | ||
| 410 | The default is | ||
| 411 | .Dq yes . | ||
| 407 | .It Cm DenyGroups | 412 | .It Cm DenyGroups |
| 408 | This keyword can be followed by a list of group name patterns, separated | 413 | This keyword can be followed by a list of group name patterns, separated |
| 409 | by spaces. | 414 | by spaces. |