Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

dropbear: hide dropbear version

As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'

Based on a patch by Hans Dedecker <[email protected]>

Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
Signed-off-by: Felix Fietkau <[email protected]> [remove trailing _]
Kevin Darbyshire-Bryant 9 years ago
parent
ca356887ed
commit
96f0bbe91d
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      package/network/services/dropbear/Makefile

+ 4 - 0
package/network/services/dropbear/Makefile
View File 

@@ -105,6 +105,10 @@ define Build/Configure
 
 	  mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
 
 	done
 
 
+	# remove protocol idented software version number
 
+	$(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
 
+		$(PKG_BUILD_DIR)/sysoptions.h
 
+
 
 	# Enforce rebuild of svr-chansession.c
 
 	rm -f $(PKG_BUILD_DIR)/svr-chansession.o
 
 endef