OpenSSH Hide Version Number From Clients
How do I hide ssh number from clients? When I type the following command it displays server version number to end users:
ssh -v server2.example.com
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/vivek/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server2.example.com [123.x.y.z] port 22.
debug1: Connection established.
debug1: identity file /home/vivek/.ssh/identity type -1
debug1: identity file /home/vivek/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/vivek/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4OR
telnet server2.example.com 22
Trying 123.x.y.z...
Connected to v.txvip1.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3Why does OpenSSH server report its version to clients?
Short answer from the OpenSSH FAQ:This information is used by clients and servers to enable protocol compatibility tweaks to work around changed, buggy or missing features in the implementation they are talking to. This protocol feature checking is still required at present because versions with incompatibilities are still in wide use.
In other words it is necessary for compatibility. To hide openssh version, you need to update OpenSSH source code and compile openssh again. You will not get any support for your modified version. I highly recommend our OpenSSH server best security practices guide.