Let me note a little knowledge about banner (identification string in RFC).
Following RFC 4253 (section 4.2. Protocol Version Exchange), after connection established, the client and server MUST send an identification string. The identification string MUST be
SSH-protoversion-softwareversion SP comments CR LF
The 'comments' string is OPTIONAL. Below are example of valid identification string:
- SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
- SSH-2.0-PuTTY_Release_0.60
To make it easy, I call the identification string as "banner". From the example banners, they are very easy to guess the product name and version. The banner can be for more useful.
As told in title, the default banner can be used for identified Linux distribution and version. For example, the banner "SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1" is identified as Ubuntu 9.04. However, of course, it's work only if administrator installs the binary package from its own distribution.
Before going to a list of SSH banner and OS version, I want to say it again "the client and server MUST send an identification string". It means you can identify OS of client and server.
Here is the list that I checked
Ubuntu 5.10: SSH-2.0-OpenSSH_4.1p1 Debian-7ubuntu4 Ubuntu 6.04: SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3[.x] Ubuntu 7.04: SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1[.x] Ubuntu 7.10: SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0[.x] Ubuntu 8.04: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1[.x] Ubuntu 8.10: SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1 Ubuntu 9.04: SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1 Ubuntu 9.10: SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2 Ubuntu 10.04: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3 Ubuntu 10.04.1: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4 Ubuntu 10.04.2: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu{5,6} Ubuntu 10.04.3: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7 Ubuntu 10.10: SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu{4,5} Ubuntu 11.04: SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3 Ubuntu 11.10: SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
Why only Ubuntu?
Because I know Ubuntu upgrade OpenSSH only when they release a new version. I do not know other distributions.
But I also list other default banners :)
Debian 4: SSH-2.0-OpenSSH_4.3p2 Debian-9 Debian 5: SSH-2.0-OpenSSH_5.1p1 Debian-5 Debian 6: SSH-2.0-OpenSSH_5.5p1 Debian-6 FreeBSD 7.0: SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110 FreeBSD 7.2: SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901 FreeBSD 8.0: SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522 FreeBSD 8.1: SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308 FreeBSD 9.0: SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 openSUSE 10.0: SSH-2.0-OpenSSH_5.0 openSUSE 10.1: SSH-2.0-OpenSSH_5.1 openSUSE 10.2: SSH-2.0-OpenSSH_5.2 CentOS 4.x: SSH-2.0-OpenSSH_3.9 CentOS 5.x: SSH-2.0-OpenSSH_4.3 CentOS 6.x: SSH-2.0-OpenSSH_5.3 Fedora 12: SSH-2.0-OpenSSH_5.2 Fedora 13: SSH-2.0-OpenSSH_5.4 Fedora 14: SSH-2.0-OpenSSH_5.5 Fedora 15: SSH-2.0-OpenSSH_5.6 Fedora 16: SSH-2.0-OpenSSH_5.8It seems the distributions that derived from RedHat show only OpenSSH version and no "pX" after version.
Thank you for this!
ReplyDeleteI don't suppose you know how to *stop* it showing the operating system information after the SSHd information? It's a security risk.
ReplyDeletehelpful, Thank you
ReplyDeleteThank's a lot.It was helpful.
ReplyDeleteput DebianBanner "no" to /etc/ssh/sshd_config :-)
ReplyDeleteHello, i believe that i noticed you visited my web site thus i
ReplyDeletecame to go back the want?.I'm trying to find things to improve my web site!I guess its ok to make use of some of your ideas!!
Here is my web site Is weight reduction very important to managing abnormality?