summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>2016-09-07 17:23:51 +0100
committerFelix Fietkau <nbd@nbd.name>2016-09-10 12:17:39 +0200
commit96f0bbe91d2176284324c4d9b4839b6878148602 (patch)
tree54d728e3a454fad91bed1892343a3eb19806cc69
parentca356887edbd509d15165009a2cc73991f76c399 (diff)
downloadmaster-31e0f0ae-96f0bbe91d2176284324c4d9b4839b6878148602.tar.gz
master-31e0f0ae-96f0bbe91d2176284324c4d9b4839b6878148602.tar.bz2
master-31e0f0ae-96f0bbe91d2176284324c4d9b4839b6878148602.zip
dropbear: hide dropbear version
As security precaution and to limit the attack surface based on the version reported by tools like nmap mask out the dropbear version so the version is not visible anymore by snooping on the wire. Version is still visible by 'dropbear -V' Based on a patch by Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
-rw-r--r--package/network/services/dropbear/Makefile4
1 files changed, 4 insertions, 0 deletions
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 36bcb4ab7b..b80f4d5c81 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -105,6 +105,10 @@ define Build/Configure
mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
done
+ # remove protocol idented software version number
+ $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
+ $(PKG_BUILD_DIR)/sysoptions.h
+
# Enforce rebuild of svr-chansession.c
rm -f $(PKG_BUILD_DIR)/svr-chansession.o
endef