Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ssh version detection

From: Fyodor <fyodor () insecure org>
Date: Tue, 2 Sep 2008 18:31:39 -0700
On Mon, Sep 01, 2008 at 08:40:46PM -0400, Matt Selsky wrote:

OpenSSH 5.1p1 with HPN 13v5 wasn't detected by the current match line in 
svn.

According to http://www.snailbook.com/docs/transport.txt ssh's version 
line is supposed to end with \r\n in SSH protocol version 2.  In version 
1, the \r is optional.

I updated the match line to reflect that and now the match line works 
for both SSHv1 and SSHv2.


Thanks, I've applied your patch.


Should other ssh match lines be updated to replace \n with \r?\n?


If someone sends me a patch which does so, for the SSH signatures
which have version number (v//) information, that sounds fine with me.
Any SSH softmatch signatures should probably be updated too.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: