Dropbear SSH Banner

[GoogleCodeExporter]

What steps will reproduce the problem?
1. telnet router_ip_address ssh_port
2. see SSH-2.0-dropbear_0.52

What is the expected output? What do you see instead?

Need to clean this banner to avoid block ssh tunnels by IPS and WEB filter 
systems. 

What version of the product are you using?

2585

Please provide any additional information below.

Original issue reported on code.google.com by VZ7.Infi...@gmail.com on 22 Feb 2011 at 11:07

[GoogleCodeExporter]

You have to read dropbear docs, set proper command line & start it manually.

Original comment by lly.dev on 22 Feb 2011 at 12:14

• Changed state: Invalid
• Added labels: Type-Support
• Removed labels: Type-Defect

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

You cannot remove this banner, because its hardcoded

command key dropbear -b file also don`t remove this banner

Edit version.h
#define SSH_VERSION "asd"
#define SSH_RELEASE "asd"

./configure --prefix=/usr --sysconfdir=/etc
make -j8
make install
/etc/init.d/ssh restart

And you will get:

Connected to x.x.x.x
Escape character is '^]'.
SSH-2.0-asd

Original comment by VZ7.Infi...@gmail.com on 24 Feb 2011 at 6:12

[GoogleCodeExporter]

if you dont want to recompile, you can replace this string to another with same 
length with find-and-replace tool sed

cp /usr/sbin/dropbear /tmp/dropbear-tmp
sed -i 's/SSH-2.0-dropbear_0.52/foo-bar-foo-bar-foo-b/g' /tmp/dropbear-tmp

now you can stop /usr/sbin/dropbear and use /tmp/dropbear-tmp with needed 
switches
you need to run commands from web interface shell, you can use scripts to 
program this on start up (if you will make scripts - post them here too, to 
help other users)

Original comment by boleeme...@gmail.com on 24 Feb 2011 at 7:46

[GoogleCodeExporter]

First of all, it is not a banner.

Second, we don't want this hack in mainstream.

Original comment by lly.dev on 24 Feb 2011 at 7:50

[GoogleCodeExporter]

TO: lly.dev ok, accepted

TO: boleeme...@gmail.com

I did what you wanted, but  
it causes error:

ssh: connection to admin@127.0.0.2:444 exited: Bad hostkey signature

Original comment by VZ7.Infi...@gmail.com on 24 Feb 2011 at 1:13

[GoogleCodeExporter]

try to flush local (client) keys cache:
putty -cleanup
rm -rf ~/.ssh

another idea: you can try to replace only 1 of 2 instances of 
SSH-2.0-dropbear_0.52 text in dropbear binary, try to use one of this instead 
(replaces second/first instance of text):
sed -i 's/SSH-2.0-dropbear_0.52/foo-bar-foo-bar-foo-b/2' /tmp/dropbear-tmp
sed -i 's/SSH-2.0-dropbear_0.52/foo-bar-foo-bar-foo-b/1' /tmp/dropbear-tmp

Original comment by boleeme...@gmail.com on 24 Feb 2011 at 2:48

[GoogleCodeExporter]

Thanks for helping me, but as i find the only second instance impact to service 
answer (SSH-2.0....). I try to change it in hex-editor, but it also causes same 
error.

It has to be recompiled ...

Original comment by VZ7.Infi...@gmail.com on 24 Feb 2011 at 7:35