From 68ebfc0e90ceb0f7b24dfb38979df6a80b7ec9e4 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sun, 9 Feb 2014 16:10:06 +0000 Subject: Add DebianBanner server configuration option Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: debian-banner.patch --- servconf.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'servconf.c') diff --git a/servconf.c b/servconf.c index 65f71ade8..63ff4ffbc 100644 --- a/servconf.c +++ b/servconf.c @@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options) options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; + options->debian_banner = -1; } void @@ -312,6 +313,8 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); + if (options->debian_banner == -1) + options->debian_banner = 1; /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = PRIVSEP_NOSANDBOX; @@ -362,6 +365,7 @@ typedef enum { sKexAlgorithms, sIPQoS, sVersionAddendum, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, + sDebianBanner, sDeprecated, sUnsupported } ServerOpCodes; @@ -504,6 +508,7 @@ static struct { { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -1666,6 +1671,10 @@ process_server_config_line(ServerOptions *options, char *line, } return 0; + case sDebianBanner: + intptr = &options->debian_banner; + goto parse_int; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); -- cgit v1.2.3