1. 查看sshd的版本
root # rpm -qf /usr/sbin/sshd openssh-server-4.3p2-82.el5 root # rpm -qi openssh-server-4.3p2-82.el5 Name : openssh-server Relocations: (not relocatable) Version : 4.3p2 Vendor: Red Hat, Inc. Release : 82.el5 Build Date: Wed 04 Jan 2012 09:42:39 PM CST Install Date: Mon 25 Mar 2013 10:02:23 AM CST Build Host: hs20-bc2-3.build.redhat.com Group : System Environment/Daemons Source RPM: openssh-4.3p2-82.el5.src.rpm Size : 491029 License: BSD Signature : DSA/SHA1, Thu 05 Jan 2012 11:55:31 PM CST, Key ID 5326810137017186 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.openssh.com/portable.html Summary : The OpenSSH server daemon Description : OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. You also need to have the openssh package installed.
2. ssh的协议层次结构
from: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-4/124_ssh.html
SSH is organized as three protocols that typically run on top of TCP::
- Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy (that is, if a key is compromised during one session, the knowledge does not affect the security of earlier sessions); the transport layer may optionally provide compression
- User Authentication Protocol: Authenticates the user to the server
- Connection Protocol: Multiplexes multiple logical communications channels over a single underlying SSH connection
3. 在transport layer protocol中,server端还是client端会先发布自己的版本信息呢?
结论是:协议没有规定,因为这个消息不是request-response。
jsch-0.1.20就存在着问题,先等待server端的版本信息,然后再发自己client端的。需要升级到比较新的版本解决这个问题。
4. 验证server端sshd版本的一个简单方法
root # telnet oc26 22 Trying 120.2.13.244... Connected to oc26. Escape character is '^]'. SSH-2.0-OpenSSH_4.3
5. 有时server端会基于安全的考虑,故意隐藏ssh的版本信息,下面是一些资料。
http://www.mail-archive.com/ssh@clinet.fi/msg06806.html
http://e-rezaei.persianblog.ir/post/2
http://0x80.org/blog/sshd-hide-version-patch/
http://www.unix.com/solaris/53391-how-hide-ssh-version.html (I just been audited and one the recommendations is to hide the SSH version or give fake information.)
http://www.linuxquestions.org/questions/slackware-14/how-to-hide-openssh-version-331399/
http://serverfault.com/questions/216801/prevent-ssh-from-advertising-its-version-number
http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
6. ssh问题debug的一些方法
http://www.snailbook.com/faq/general-debugging.auto.html