Commit 8a75df79 authored by Kees Cook's avatar Kees Cook Committed by Colin Watson

Add DebianBanner server configuration option

Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.

Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
Last-Update: 2013-09-14

Patch-Name: debian-banner.patch
parent da3ff978
......@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
options->debian_banner = -1;
}
void
......@@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->version_addendum == NULL)
options->version_addendum = xstrdup("");
if (options->debian_banner == -1)
options->debian_banner = 1;
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = PRIVSEP_NOSANDBOX;
......@@ -360,6 +363,7 @@ typedef enum {
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent,
sDebianBanner,
sDeprecated, sUnsupported
} ServerOpCodes;
......@@ -501,6 +505,7 @@ static struct {
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
{ "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
{ NULL, sBadOption, 0 }
};
......@@ -1648,6 +1653,10 @@ process_server_config_line(ServerOptions *options, char *line,
}
return 0;
case sDebianBanner:
intptr = &options->debian_banner;
goto parse_int;
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
......
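Review bot: The `case sDebianBanner:` arm in process_server_config_line jumps to `parse_int`, although the commit message and the sshd_config.5 text describe the option as taking "yes" or "no". The `parse_int` label lies outside the hunk; if it converts the argument numerically, as its name suggests, "no" would yield 0 only by accident and "yes" would also yield 0, silently dropping the Debian revision when the administrator asked to keep it. Routing the option through the boolean parser, `intptr = &options->debian_banner;` followed by `goto parse_flag;`, would accept yes/no and reject anything else. The switch body starts and ends outside the hunk.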
......@@ -188,6 +188,8 @@ typedef struct {
u_int num_auth_methods;
char *auth_methods[MAX_AUTH_METHODS];
int debian_banner;
} ServerOptions;
/* Information about the incoming connection as used by Match */
......
......@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
major, minor, SSH_RELEASE,
major, minor,
options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
......
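Review bot: The ternary that selects `SSH_RELEASE_MINIMUM` in sshd_exchange_identification has no comment stating what the banner still discloses when DebianBanner is off. Neither macro is defined in this hunk; going by the commit message only the Debian revision is dropped, so the upstream release string and any `version_addendum` presumably stay in the identification line, and operators should not read the option as hiding the server version. A one-line comment above that argument would record this: `/* DebianBanner=no drops only the distro revision; the upstream version is still sent */`. The function body continues outside the hunk.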
......@@ -404,6 +404,11 @@ or
.Dq no .
The default is
.Dq delayed .
.It Cm DebianBanner
Specifies whether the distribution-specified extra version suffix is
included during initial protocol handshake.
The default is
.Dq yes .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
......