SSHD hide version patch

Hello guys .. as you know that someone could know the version of the sshd and many other information by using nmap or any other tools …

for example

root::qnix[0]@~/Codeing/Projects/SSHDH/openssh-4.7p1 $ nmap -q -sV -p 22 localhost
Starting Nmap 4.53 ( http://insecure.org ) at 2008-02-25 15:35 AST
Interesting ports on localhost (127.0.0.1):
PORT   STATE SERVICE VERSION
22/tcp open  ssh      (protocol 2.0 debian-4.7p1)

as you can see these info sometimes might be dangerous... and might be used in a mass hacking if a vulnerability found on this version which is 4.7p1 and it runs under Debian.

so i wrote this simple patch that hides these info

--- sshd.c.orig    2007-06-05 11:22:32.000000000 +0300
+++ sshd.c    2008-02-25 15:16:10.000000000 +0300
@@ -422,2 +422,2 @@
-    snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
+    snprintf(buf, sizeof buf, "SSH-%d.%d\n", major, minor);

or download it from here

http://www.0×80.org/code/app/sshdh/sshdh.patch

to patch it just go to the the folder where the openssh sourecode is and type

root::qnix[0]@~/Codeing/Projects/SSHDH/openssh-4.7p1 $ patch < sshdh.patch
patching file sshd.c
Hunk #1 succeeded at 422 with fuzz 1.

Thats it now configure it and make it then install it and then try to telnet to it and you’ll see something like this

root::qnix[0]@~ $ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-HIDDEN

Enjoy!!

4 thoughts on “SSHD hide version patch”

  1. Obscurity != security; besides, the vast majority of the worms/tools that constantly attempt to login via ssh never really seem to check the version numbers (or they’d see that the ssh on my machine is 2.0 only…).

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>