dropbear: hide dropbear version
author Kevin Darbyshire-Bryant <[email protected]>
Wed, 7 Sep 2016 16:23:51 +0000 (17:23 +0100)
committer Felix Fietkau <[email protected]>
Sat, 10 Sep 2016 10:17:39 +0000 (12:17 +0200)
As a security precaution and to limit the attack surface based on
the version reported by tools like nmap, mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'.

Based on a patch by Hans Dedecker <[email protected]>

Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
Signed-off-by: Felix Fietkau <[email protected]> [remove trailing _]
package/network/services/dropbear/Makefile

index 36bcb4ab7b6c57460cd15da1bcc130af62e32bc6..b80f4d5c81ca1627b46fa2fd2f75be27cff47bf6 100644 (file)
@@ -105,6 +105,10 @@ define Build/Configure
          mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
        done
 
+       # remove protocol idented software version number
+       $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
+               $(PKG_BUILD_DIR)/sysoptions.h
+
        # Enforce rebuild of svr-chansession.c
        rm -f $(PKG_BUILD_DIR)/svr-chansession.o
 endef
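
Review bot: the added `$(SED)` call on sysoptions.h exits successfully even when the `^#define LOCAL_IDENT` pattern matches nothing, so if upstream moves or reformats that define, the build will silently go back to sending the versioned banner on the wire. Consider following the substitution with a check that the replaced line is present (for example a grep for `#define LOCAL_IDENT "SSH-2.0-dropbear"` in sysoptions.h) ending in `|| exit 1`, the same way the options.h step just above fails the build. Two smaller points: "idented" in the added comment looks like a typo for "ident" or "identification", and the `g` flag is redundant on a pattern anchored at both ends of the line.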