OpenSSH Hide Version Number From Clients

Posted on in Categories last updated September 13, 2010

How do I hide ssh number from clients? When I type the following command it displays server version number to end users:

ssh -v server2.example.com

OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/vivek/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server2.example.com [123.x.y.z] port 22.
debug1: Connection established.
debug1: identity file /home/vivek/.ssh/identity type -1
debug1: identity file /home/vivek/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/vivek/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4

OR

telnet server2.example.com 22
Trying 123.x.y.z...
Connected to v.txvip1.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3

Why does OpenSSH server report its version to clients?

Iptables is not sending LOG to syslog file

Posted on in Categories , , , last updated November 22, 2007

Q. I am running SSH/MySQL/Webserver and setup iptables based firewall. But my logs are send to console rather than the system log files. How do make sure that iptables LOG target messages are send to /var/log/messages file?

A. IPTABLES LOG module turns on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log where it can be read with
dmesg or syslogd.

You can configure level of logging with an option called –log-level level. For example, drop and LOG all incoming port 22 TCP, message:
iptables -I OUTPUT -j LOG --log-level crit -p tcp --dport 22

Read man pages of iptables and syslog.conf for more info.