HPE Community
Operating System - HP-UX
1834650 Members
1853 Online
110069 Solutions
New Discussion

Re: Removing FTP banner - altogether

 
SOLVED
Go to solution
Simon Hargrave
Honored Contributor

‎11-15-2004 02:14 AM

‎11-15-2004 02:14 AM

Removing FTP banner - altogether

On our HP servers, the FTP banner (as default) reads: -

220 hostname FTPserver (Version 1.1.214.4 PHNE_29461) ready.

We would like to disable this, as it's clear that it gives a hostname, a version and a patch level, all useful for a hacker to determine the potential use/vulnerability of a host.

I know we can add a banner using the banner clause in /etc/ftpd/ftpaccess, but this keeps this version banner in place.

Is there a way to remove this?

On the same subject, we'd also like to remove this for SMTP and SSH if possible?
0 Kudos
Reply
9 REPLIES 9
Sanjay_6
Honored Contributor

‎11-15-2004 02:17 AM

‎11-15-2004 02:17 AM

Solution

Re: Removing FTP banner - altogether

Hi simon,

Maybe this will help,

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062974927

The itrc doc id is UARPAKBQA00000205.

Hope this helps.

Regds
Reply
Sanjay_6
Honored Contributor

‎11-15-2004 02:20 AM

‎11-15-2004 02:20 AM

Re: Removing FTP banner - altogether

Hi,

to remove the banner from ssh, check/ comment the banner line in sshd_config.

Hope this helps.

Regds
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎11-15-2004 02:21 AM

‎11-15-2004 02:21 AM

Re: Removing FTP banner - altogether

Simon,


See Craig's final response here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=112737

I don't know about SSH, though.


Pete

Pete
Reply
Doug Burton
Respected Contributor

‎11-15-2004 02:36 AM

‎11-15-2004 02:36 AM

Re: Removing FTP banner - altogether

In the ftpaccess file:

suppresshostname yes
suppressversion yes

Uncomment the "#Banner /some/path" line in the /opt/ssh/etc/sshd_config file to "Banner /etc/issue"
Reply
Ranjith_5
Honored Contributor

‎11-15-2004 02:37 AM

‎11-15-2004 02:37 AM

Re: Removing FTP banner - altogether

Hi

1.)http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=204670

2.) see manpage of ftpaccess (#man ftpaccess)

Also you can put banner for your security warnings by specifing the file name.

eg: banner /etc/issue

Regards,
Syam
0 Kudos
Reply
Simon Hargrave
Honored Contributor

‎11-15-2004 02:39 AM

‎11-15-2004 02:39 AM

Re: Removing FTP banner - altogether

Right, that's the FTP sorted, cheers.

The SSH doesn't work quite that way though. It's not so much the banner given by the SSH client, it's the banner advertised by the SSH daemon itself.

For example: -

% telnet localhost 22
Trying...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.8


Similarly for SMTP: -

% telnet localhost 25
Trying...
Connected to localhost.
Escape character is '^]'.
220 hostname ESMTP Sendmail 8.9.3 (PHNE_29774)/8.9.3; Mon, 15 Nov 2004 15:39:05 GMT
0 Kudos
Reply
Doug Burton
Respected Contributor

‎11-15-2004 02:40 AM

‎11-15-2004 02:40 AM

Re: Removing FTP banner - altogether

Doh! The ssh part was to ADD the banner. Sorry. Don't have the info handy for version suppression.

Try this for email, changes to the /etc/mail/sendmail.cf file:

From: O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
To: O SmtpGreetingMessage=
and
From: O PrivacyOptions=authwarnings
To: O PrivacyOptions=goaway
Reply
Simon Hargrave
Honored Contributor

‎11-15-2004 02:43 AM

‎11-15-2004 02:43 AM

Re: Removing FTP banner - altogether

Excellent! 2 down, 1 to go :)
0 Kudos
Reply
Simon Hargrave
Honored Contributor

‎11-15-2004 02:54 AM

‎11-15-2004 02:54 AM

Re: Removing FTP banner - altogether

Hmm, according to this website: -

http://projects.vanscherpenseel.nl/documents/howto_banners.html

The way to disable the version on sshd is to edit the version string in version.h and recompile the source.

Given we use the (supported) HP delivered depot rather than compiling OpenSSH from scratch (and therefore unsupported I guess?) I guess this leaves us high and dry?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.