SSH Banner Redaction

I use SSH to access most of my Ubuntu machines and get annoyed when nmap -sV 192.168.x.x shows 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0). Nobody needs to know that much detail about my Ubuntu box … and I already know all that info. So, how can I get ride of some of that stuff?

You can’t get rid of all that information (easily, anyway), but to get rid of most of it you can sudo nano -KSw /etc/ssh/sshd_config and go all the way to the bottom of the page (Alt + / will get you there real fast) and type DebianBanner no on a new line.

Running nmap -sV 192.168.x.x. should now show something like 22/tcp open ssh syn-ack OpenSSH 7.2p2 (protocol 2.0) which is better than before, even though it’s not perfect. The best solution would be to change your SSH port and only allow a limited number is IPs access to it.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.