Closed zhyde2010 closed 5 days ago
Set the property CoreModuleProperties.CLIENT_IDENTIFICATION
(or CoreModuleProperties.SERVER_IDENTIFICATION
for a server) to whatever identification you want to use. (Set it on the SshClient
or SshServer
.) Note that the value should a valid identification string, without the "SSH-2.0-" prefix.
Besides, even if methods are protected, you can still override them. Subclass ClientSessionImpl
or ServerSessionImpl
and override the method. Then create SessionFactory
that creates instances of your subclass, and set that factory on the SshClient
or SshServer
.
But for the identification string, just setting the property is sufficient and simpler.
Version
2.10.0
Bug description
Nmap can scan the version number of Apache mina sshd. Attackers may obtain the version number and find the corresponding vulnerability to attack the system.
Actual behavior
Nmap can scan the version number of Apache mina sshd. Attackers may obtain the version number and find the corresponding vulnerability to attack the system.
Expected behavior
We hope that open source software will give us a way to hide version information.
Relevant log output
Other information
Thank U!