Tuesday, July 13, 2010

Identified Ubuntu version from SSH banner

Many times seeing the SSH full banner, I have to googling it for the OS version. I decided I should collect them here.

Let me note a little knowledge about banner (identification string in RFC).

Following RFC 4253 (section 4.2. Protocol Version Exchange), after connection established, the client and server MUST send an identification string. The identification string MUST be

SSH-protoversion-softwareversion SP comments CR LF

The 'comments' string is OPTIONAL. Below are example of valid identification string:
- SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
- SSH-2.0-PuTTY_Release_0.60

To make it easy, I call the identification string as "banner". From the example banners, they are very easy to guess the product name and version. The banner can be for more useful.

As told in title, the default banner can be used for identified Linux distribution and version. For example, the banner "SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1" is identified as Ubuntu 9.04. However, of course, it's work only if administrator installs the binary package from its own distribution.

Before going to a list of SSH banner and OS version, I want to say it again "the client and server MUST send an identification string". It means you can identify OS of client and server.

Here is the list that I checked
Ubuntu 5.10:  SSH-2.0-OpenSSH_4.1p1 Debian-7ubuntu4
Ubuntu 6.04:  SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3[.x]
Ubuntu 7.04:  SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1[.x]
Ubuntu 7.10:  SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0[.x]
Ubuntu 8.04:  SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1[.x]
Ubuntu 8.10:  SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
Ubuntu 9.04:  SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
Ubuntu 9.10:  SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
Ubuntu 10.04: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
Ubuntu 10.04.1: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
Ubuntu 10.04.2: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu{5,6}
Ubuntu 10.04.3: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
Ubuntu 10.10: SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu{4,5}
Ubuntu 11.04: SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
Ubuntu 11.10: SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1

Why only Ubuntu?
Because I know Ubuntu upgrade OpenSSH only when they release a new version. I do not know other distributions.

But I also list other default banners :)
Debian 4:  SSH-2.0-OpenSSH_4.3p2 Debian-9
Debian 5:  SSH-2.0-OpenSSH_5.1p1 Debian-5
Debian 6:  SSH-2.0-OpenSSH_5.5p1 Debian-6

FreeBSD 7.0:  SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
FreeBSD 7.2:  SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
FreeBSD 8.0:  SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522
FreeBSD 8.1:  SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
FreeBSD 9.0:  SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503

openSUSE 10.0: SSH-2.0-OpenSSH_5.0
openSUSE 10.1: SSH-2.0-OpenSSH_5.1
openSUSE 10.2: SSH-2.0-OpenSSH_5.2

CentOS 4.x:  SSH-2.0-OpenSSH_3.9
CentOS 5.x:  SSH-2.0-OpenSSH_4.3
CentOS 6.x:  SSH-2.0-OpenSSH_5.3

Fedora 12:  SSH-2.0-OpenSSH_5.2
Fedora 13:  SSH-2.0-OpenSSH_5.4
Fedora 14:  SSH-2.0-OpenSSH_5.5
Fedora 15:  SSH-2.0-OpenSSH_5.6
Fedora 16:  SSH-2.0-OpenSSH_5.8
It seems the distributions that derived from RedHat show only OpenSSH version and no "pX" after version.

6 comments:

  1. I don't suppose you know how to *stop* it showing the operating system information after the SSHd information? It's a security risk.

    ReplyDelete
  2. helpful, Thank you

    ReplyDelete
  3. Thank's a lot.It was helpful.

    ReplyDelete
  4. put DebianBanner "no" to /etc/ssh/sshd_config :-)

    ReplyDelete
  5. Hello, i believe that i noticed you visited my web site thus i
    came to go back the want?.I'm trying to find things to improve my web site!I guess its ok to make use of some of your ideas!!

    Here is my web site Is weight reduction very important to managing abnormality?

    ReplyDelete