OpenSSH Hide Version Number From Clients

by on September 13, 2010 · 0 comments· LAST UPDATED September 13, 2010

in

How do I hide ssh number from clients? When I type the following command it displays server version number to end users:

ssh -v server2.example.com
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/vivek/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server2.example.com [123.x.y.z] port 22.
debug1: Connection established.
debug1: identity file /home/vivek/.ssh/identity type -1
debug1: identity file /home/vivek/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/vivek/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4

OR

telnet server2.example.com 22
Trying 123.x.y.z...
Connected to v.txvip1.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3

Why does OpenSSH server report its version to clients?

Short answer from the OpenSSH FAQ:

This information is used by clients and servers to enable protocol compatibility tweaks to work around changed, buggy or missing features in the implementation they are talking to. This protocol feature checking is still required at present because versions with incompatibilities are still in wide use.

In other words it is necessary for compatibility. To hide openssh version, you need to update OpenSSH source code and compile openssh again. You will not get any support for your modified version. I highly recommend our OpenSSH server best security practices guide.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 0 comments… add one now }

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: