How do I hide ssh number from clients? When I type the following command it displays server version number to end users:
ssh -v server2.example.com OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/vivek/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to server2.example.com [123.x.y.z] port 22. debug1: Connection established. debug1: identity file /home/vivek/.ssh/identity type -1 debug1: identity file /home/vivek/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/vivek/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
telnet server2.example.com 22 Trying 123.x.y.z... Connected to v.txvip1. Escape character is '^]'. SSH-2.0-OpenSSH_4.3
Why does OpenSSH server report its version to clients?
Short answer from the OpenSSH FAQ:
This information is used by clients and servers to enable protocol compatibility tweaks to work around changed, buggy or missing features in the implementation they are talking to. This protocol feature checking is still required at present because versions with incompatibilities are still in wide use.
In other words it is necessary for compatibility. To hide openssh version, you need to update OpenSSH source code and compile openssh again. You will not get any support for your modified version. I highly recommend our OpenSSH server best security practices guide.