dropbear: hide dropbear version
As security precaution and to limit the attack surface based on the version reported by tools like nmap mask out the dropbear version so the version is not visible anymore by snooping on the wire. Version is still visible by 'dropbear -V' Based on a patch by Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
This commit is contained in:
Kevin Darbyshire-Bryant
Felix Fietkau
parent
ca356887ed
commit
96f0bbe91d
1 changed files with 4 additions and 0 deletions
|
|
@ -105,6 +105,10 @@ define Build/Configure
|
|||
mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
|
||||
done
|
||||
|
||||
# remove protocol idented software version number
|
||||
$(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
|
||||
$(PKG_BUILD_DIR)/sysoptions.h
|
||||
|
||||
# Enforce rebuild of svr-chansession.c
|
||||
rm -f $(PKG_BUILD_DIR)/svr-chansession.o
|
||||
endef
|
||||
|
|
|
|||
Loading…
Reference in a new issue