diff options
author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> | 2016-09-07 17:23:51 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2016-09-10 12:17:39 +0200 |
commit | 96f0bbe91d2176284324c4d9b4839b6878148602 (patch) | |
tree | 54d728e3a454fad91bed1892343a3eb19806cc69 /package/network/services/dropbear | |
parent | ca356887edbd509d15165009a2cc73991f76c399 (diff) | |
download | mtk-20170518-96f0bbe91d2176284324c4d9b4839b6878148602.zip mtk-20170518-96f0bbe91d2176284324c4d9b4839b6878148602.tar.gz mtk-20170518-96f0bbe91d2176284324c4d9b4839b6878148602.tar.bz2 |
dropbear: hide dropbear version
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'
Based on a patch by Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
Diffstat (limited to 'package/network/services/dropbear')
-rw-r--r-- | package/network/services/dropbear/Makefile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 36bcb4a..b80f4d5 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -105,6 +105,10 @@ define Build/Configure mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \ done + # remove protocol idented software version number + $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \ + $(PKG_BUILD_DIR)/sysoptions.h + # Enforce rebuild of svr-chansession.c rm -f $(PKG_BUILD_DIR)/svr-chansession.o endef |