Am 07.01.2012 15:44, schrieb Sam Varshavchik:
> no, one keys of security is to provide as less informations as
> absolutely necessary, not only for sshd, for every single
> service
>
> in the best case no single foreign person has an idea
> what software you are currently running, not what OS
> nor what service-software and at least no exact version
Ok, then why are you even running ssh on the default port?
do i this?
no i do not!
so please do not make any assumptions out of the blue!
ssh is running on a hidden port, only accepting key-auth
and only accepting exactly 3 users for login and allows
only 30 connections per minute - said that about my
knowledge to setup a service properly
and that is why i am pissed of get "Medium" alerts only
because sshd is spiting out his version
and no it does not interest me if a 10 years old client
could have any problems - such old clients have to be
updated or deleted as soon as possible from security
point of view
i, and only i am responsible for the machines so why
do i not have a option only "SSH-2.0-OpenSSH" provide
to a anonymous client?