DEV Community

darkmage
darkmage

Posted on

4 2

Blanking out the SSH Banner

Blanking out the SSH Banner

New security upgrade time!

Why would anyone do this?

Well, if you know how service/port banners work, you'll become aware that when you fingerprint or scan a port, often the service behind it will fire back a protocol message indicating some useful information about the service itself.

I recently brought this website back online after a LONG hiatus, and in getting back into the swing of things, decided that I wanted to lock stuff down just a bit tighter than before. I asked myself "...can I alter the service banner reported by SSH when I nmap my site?"

So, I found a blog where someone did this on their RaspberryPi:

https://kram.nz/2018/01/hide-openssh-version-banner/

This is pretty cool and nifty. A lot of ssh ports on the web still report things like:
- What version of sshd it is
- If it is OpenSSH or not
- What operating system it was built for
- etc.

So, can it be replicated outside of RaspberryPi? YES! But you must be careful...

The first time I attempted this, I almost locked myself out of SSH by overwriting one of the strings that I SHOULDN'T overwrite.

Everyone's process doing this is going to be slightly different due to varying binary addresses as to where the strings are located in the sshd binary itself.

But, I've confirmed it works.

me@mypc:~$ telnet mywebsite.com myport
Trying aaa.bbb.ccc.ddd...
Connected to mywebsite.com.
Escape character is '^]'.
SSH-2.0-Eat my shorts, hackers! =D XOXO
Enter fullscreen mode Exit fullscreen mode

Not bad!!!

I'll be getting a video of both this in action AND how to wipe out the banner text yourself.

If you've found this information helpful, please consider signing up for a new Vultr VPS instance using my link: https://www.vultr.com/?ref=8632027-6G.

I am giving away $100 worth of VPS credits, so you can sign up and try wiping out your box's SSH banner yourself without any risk to your own boxes :)

I hope you all have a pleasant sunday! Take it easy until next time :D

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read full post →

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more