在写这篇文章之前,xxx已经写过了几篇关于改版本总结主题的文章,想要了解的朋友可以去翻一下之前的文章
1. 查看sshd的版本
root # rpm -qf /usr/sbin/sshd openssh-server-4.3p2-82.el5 root # rpm -qi openssh-server-4.3p2-82.el5 Name : openssh-server Relocations: (not relocatable) Version : 4.3p2 Vendor: Red Hat, Inc. Release : 82.el5 Build Date: Wed 04 Jan 2012 09:42:39 PM CST Install Date: Mon 25 Mar 2013 10:02:23 AM CST Build Host: hs20-bc2-3.build.redhat.com Group : System Environment/Daemons Source RPM: openssh-4.3p2-82.el5.src.rpm Size : 491029 License: BSD Signature : DSA/SHA1, Thu 05 Jan 2012 11:55:31 PM CST, Key ID 5326810137017186 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.openssh.com/portable.html Summary : The OpenSSH server daemon Description : OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. You also need to have the openssh package installed.
2. ssh的协议层次结构
from: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-4/124_ssh.html
SSH is organized as three protocols that typically run on top of TCP::
- Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy (that is, if a key is compromised during one session, the knowledge does not affect the security of earlier sessions); the transport layer may optionally provide compression
- User Authentication Protocol: Authenticates the user to the server
- Connection Protocol: Multiplexes multiple logical communications channels over a single underlying SSH connection
3. 在transport layer protocol中,server端还是client端会先发布自己的版本信息呢?
结论是:协议没有划定,因为这个消息不是request-response。
jsch-0.1.20就存在着问题,先等待server端的版本信息,然后再发自己client端的。需要升级到比拟新的版本处理这个问题。
4. 验证server端sshd版本的一个简单方法
root # telnet oc26 22 Trying 120.2.13.244... Connected to oc26. Escape character is '^]'. SSH-2.0-OpenSSH_4.3
5. 偶然server端会基于安全的斟酌,故意隐藏ssh的版本信息,下面是一些资料。
http://www.mail-archive.com/ssh@clinet.fi/msg06806.html
http://e-rezaei.persianblog.ir/post/2
http://0x80.org/blog/sshd-hide-version-patch/
http://www.unix.com/solaris/53391-how-hide-ssh-version.html (I just been audited and one the recommendations is to hide the SSH version or give fake information.)
http://www.linuxquestions.org/questions/slackware-14/how-to-hide-openssh-version-331399/
http://serverfault.com/questions/216801/prevent-ssh-from-advertising-its-version-number
http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
6. ssh问题debug的一些方法
http://www.snailbook.com/faq/general-debugging.auto.html
文章结束给大家分享下程序员的一些笑话语录: 与女友分手两月有余,精神萎靡,面带菜色。家人介绍一女孩,昨日与其相亲。女孩果然漂亮,一向吝啬的我决定破例请她吃晚饭。
选了一个蛮贵的西餐厅,点了比较贵的菜。女孩眉开眼笑,与我谈得很投机。聊着聊着,她说:“我给你讲个笑话吧。”“ok”
“一只螳螂要给一只雌蝴蝶介绍对象,见面时发现对方是只雄蜘蛛。见面后螳螂问蝴蝶‘如何?’,‘他长的太难看了’,‘别看人家长的丑,人家还有网站呢’。”
“呵呵………”我笑。忽然她问:“你有网站吗?”
---------------------------------
原创文章 By
版本和总结
---------------------------------