In my opinion OpenSSH gives away way too much unnessesary for connection information. My request ask for a option to either disable all the text exept SSH-2.0 in TCP banner, either fake this information giving more security options to users. This information holds no nessesary information for the client, and makes crackers work easyer, while holding way too little use for sysadministration. Option to fake it seems like a good option, becouse you may mislead the cracker thinking that you are using for example Debian Etch, or OpenBSD. Or add some completely misleading information like random text, fake kernel version or a name of non-existant GNU/Linux distibution. Reproducible: Always Steps to Reproduce: 1. Start the OpenSSH at the server 2. Do "nc server port" replacing server with the address of the server you started OpenSSH at and port with port you started it on. 3. See the problem Actual Results: I have saw the server banner that revealved way too much unnnesessary information Expected Results: Exactly the thing that happened.
the banner is used somewhat to probe for compatibility if you want to muck with it, you can request upstream add an option: https://bugzilla.mindrot.org/ or you can create a local patch and have it applied via epatch_user