• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to change SSH banner? [SOLVED…the ugly way]

General pfSense Questions
2
6
23.9k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    alphazo
    last edited by Sep 19, 2007, 3:12 PM Sep 7, 2007, 7:56 PM

    Hello,

    Moved from M0n0 to pfSense after 3 years.

    How can I permanently change the SSH banner from "SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110" to "Welcome Home"

    I added a ssh-banner file and added```
    Banner /etc/ssh/sshd-banner

    
Can someone give me a hint ?

Thanks
Dany
    1 Reply Last reply Reply Quote 0
    • J
      jamesdean
      last edited by Sep 11, 2007, 6:59 PM Sep 11, 2007, 6:54 PM

      The file that rewrites the /etc/ssh/sshd_config is located at /etc/sshd.

      Backup /etc/sshd before starting
      Edit /etc/sshd

      Find the folowing lines, should be line 86
        /* Include default configuration for pfSense */
        $sshconf = "# This file is automatically generated at startup\n";

      Then add your extra options just below the said lines.
        $sshconf .= "Banner /etc/ssh/banner\n";
        $sshconf .= "VersionAddendum this is a private network\n";

      Banner is the message during login

      VersionAddendum is the sshd helo reponse when connected. Ussally sshd says version of the OS as a helo.
      I don't like that so I always change it.

      1 Reply Last reply Reply Quote 0
      • A
        alphazo
        last edited by Sep 12, 2007, 4:31 AM

        Thanks a lot. I'm actually traveling so I'll have to test it when I return home.

        Dany

        1 Reply Last reply Reply Quote 0
        • A
          alphazo
          last edited by Sep 14, 2007, 9:32 PM

          Hi Jamesdean,

          It worked as advertised.

          Now that "FreeBSD…" has been replaced by custom text, is there any way to get rid of the leading "SSH-2.0-OpenSSH_4.5p1" when you do a telnet to the box?

          Thanks again
          Dany

          1 Reply Last reply Reply Quote 0
          • A
            alphazo
            last edited by Sep 19, 2007, 3:12 PM Sep 17, 2007, 7:30 PM

            Ok I did it…. the (very) ugly way ! :-[

            I opened my favorite Hex editor and patched the pfsense img file to replace all references to "OpenSSH_4.5p1" by "KEEP OUT    ". String lengths were not modified. Now when I telnet to the box I get  "SSH-2.0-KEEP OUT".

            I feel bad about this...I just wanted to see if this would work. Anyway if someone knows a more elegant way to get the above result I'll be glad to forget about this episode.

            Cheers
            Dany

            1 Reply Last reply Reply Quote 0
            • J
              jamesdean
              last edited by Sep 20, 2007, 9:43 PM

              Danny

              You should never remove the SSH-2.0-OpenSSH_4.5p1. Some SSH clients use this to figure out what options your SSHD server supports. In the past I have changed  SSH-2.0-OpenSSH_4.5p1 too SSH-2.0 and never encountered a SSH client that brakes because of that change, but you never know. The clean way to change the SSH-2.0-OpenSSH_4.5p1 is to edit the SHHD source code.

              laterz
              JamesDean

              1 Reply Last reply Reply Quote 0
              1 out of 6
              • First post
                1/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.