On Ubuntu or Debian, a default OpenSSH server displays its OpenSSH version along with an Ubuntu/Debian distribution banner:
$ telnet repeater.my 172.16.91.20 22
Trying 172.16.91.20...
Connected to 172.16.91.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
You can hide the identifying part, Ubuntu-2ubuntu2, from the server banner by editing /etc/ssh/sshd_config and adding “DebianBanner no” either at the end of the file or just under the “Port 22” line:
#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22
DebianBanner no
Save the file and restart the OpenSSH server by typing:
sudo service ssh restart
Now the response will just be:
Trying 172.16.91.20...
Connected to 172.16.91.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1
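To check the result without reading telnet output by eye, this added example (not part of the original post) splits the identification string into its RFC 4253 fields and reports whether the distribution suffix is still sent. The function names are assumptions made for illustration; the sample banners are the two shown above.

```python
import socket
import sys

def parse_ident(line):
    """Split an SSH identification string (RFC 4253 section 4.2):
    SSH-<protoversion>-<softwareversion>[ SP <comments>] CR LF"""
    line = line.rstrip("\r\n")
    ident, _, comments = line.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH" or not parts[1] or not parts[2]:
        raise ValueError("not an SSH identification string: %r" % line)
    return {"proto": parts[1], "software": parts[2], "comments": comments or None}

def exposes_distro(line):
    """True when a comments field (e.g. Ubuntu-2ubuntu2) follows the version."""
    return parse_ident(line)["comments"] is not None

def read_ident(host, port=22, timeout=5.0, max_lines=20):
    """Connect like the telnet test and return the server's SSH-... line.
    A server may send other text lines first, so skip those (bounded)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            for _ in range(max_lines):
                raw = stream.readline(512)
                if not raw:
                    break
                text = raw.decode("ascii", "replace")
                if text.startswith("SSH-"):
                    return text.rstrip("\r\n")
    raise ConnectionError("no SSH identification string received")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py HOST [PORT]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
        banners = [read_ident(sys.argv[1], port)]
    else:  # no host given: use the two banners shown on this page
        banners = ["SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
                   "SSH-2.0-OpenSSH_6.6.1p1"]
    for banner in banners:
        info = parse_ident(banner)
        state = "distro suffix exposed" if info["comments"] else "no distro suffix"
        # The software version stays visible either way, as in the output above.
        print("%-42s %s (software: %s)" % (banner, state, info["software"]))
```

Run it against your own server before and after the restart; with “DebianBanner no” in effect only the OpenSSH version field remains in the banner.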
Happy trying!