>>>>> "purpmint008" == purpmint008 writes:

purpmint008> Alright so I telnet into my SSH port. "telnet localhost
purpmint008> " and here is what I get:
purpmint008> "SSH-2.0-OpenSSH_4.6" I type something in and I get:
purpmint008> "Protocol mismatch. Connection to host lost."

purpmint008> Can some please explain this to me? Isn't this a bad
purpmint008> idea? Someone can just telnet into this port and know
purpmint008> that an sshd is running, specifically
purpmint008> "SSH-2.0-OpenSSH_4.6". Can I turn this off?

http://www.snailbook.com/faq/version-string.auto.html

--
Richard Silverman
res@qoxp.net

X-No-Archive: Yes

On Aug 17, 12:47 pm, "Richard E. Silverman" wrote:
> http://www.snailbook.com/faq/version-string.auto.html
>
> --
> Richard Silverman
> r...@qoxp.net

Thanks.
SSH is pretty secure but alright.
I used wireshark to check out the connection in action and I noticed
another batch of strings.
Something along the lines of naming the algorithms (in preferential
order as set by PuTTY).
I saw "diffie hellman" etc.

>>>>> "purpmint008" == purpmint008 writes:

purpmint008> On Aug 17, 12:47 pm, "Richard E. Silverman"
purpmint008> wrote:
>> http://www.snailbook.com/faq/version-string.auto.html
>>
>> -- Richard Silverman r...@qoxp.net

purpmint008> Thanks. SSH is pretty secure but alright.
purpmint008> I used wireshark to check out the connection in action and I
purpmint008> noticed another batch of strings. Something along the
purpmint008> lines of naming the algorithms (in preferential order as
purpmint008> set by PuTTY). I saw "diffie hellman" etc.

Yes, this is part of the key exchange protocol. You have to negotiate
which security algorithms to use before using them, so of course this part
of the protocol is not encrypted -- it happens before the speakers have
chosen an encryption algorithm to use.

--
Richard Silverman
res@qoxp.net

purpmint008@gmail.com writes:

> Alright so I telnet into my SSH port.
> "telnet localhost "
> and here is what I get:
> "SSH-2.0-OpenSSH_4.6"
> I type something in and I get: "Protocol mismatch. Connection to host
> lost."

Normal operation.

> Can some please explain this to me?
> Isn't this a bad idea? Someone can just telnet into this port and know
> that an sshd is running, specifically "SSH-2.0-OpenSSH_4.6".
> Can I turn this off?

/etc/init.d/sshd stop

But that may not be what you want. :-)

Just stay patched and allow sshd to negotiate its protocols with
clients. Consider moving it somewhere other than port 22 if you'd
like to avoid the onslaught of script kiddie attacks against port 22.


--
Todd H.
http://www.toddh.net/

X-No-Archive: Yes

I have moved my SSHd to one of the dynamic ports (Ports 49152 to
65535?).
So I guess some plaintext strings are necessary for the SSH protocol
to function.
That's alright though since the rest of the protocol (ver. 2) is
extremely safe thanks
to public-key authentication and diffie-hellman exchange.

Thanks for the clarification guys!