[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#786987: Re: Bug#786987: openssh-server: please have DebianBanner default to no

On Mon, Feb 22, 2016 at 04:19:24PM +0100, Carlos Alberto Lopez Perez wrote:
> So, putting it into other words...  The use case was actually to make
> easier to detect vulnerable systems to anyone without access to the
> system by inspecting the DebianBanner version of the SSH servers, right?

People can do that anyway just by seeing whether their attacks work;
plenty of actual attackers just scattergun their attacks.  Hiding the
version doesn't particularly help, but giving network administrators the
ability to efficiently shut off access to vulnerable systems can do.

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: