Nmap Development mailing list archives
Re: ssh version detection
From: Fyodor <fyodor () insecure org>
Date: Tue, 2 Sep 2008 18:31:39 -0700
On Mon, Sep 01, 2008 at 08:40:46PM -0400, Matt Selsky wrote:
OpenSSH 5.1p1 with HPN 13v5 wasn't detected by the current match line in svn. According to http://www.snailbook.com/docs/transport.txt ssh's version line is supposed to end with \r\n in SSH protocol version 2. In version 1, the \r is optional. I updated the match line to reflect that and now the match line works for both SSHv1 and SSHv2.
Thanks, I've applied your patch.
Should other ssh match lines be updated to replace \n with \r?\n?
If someone sends me a patch which does so, for the SSH signatures which have version number (v//) information, that sounds fine with me. Any SSH softmatch signatures should probably be updated too. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- ssh version detection Matt Selsky (Sep 01)
- Re: ssh version detection Fyodor (Sep 02)
- Re: ssh version detection Matt Selsky (Sep 05)
- Re: ssh version detection Fyodor (Sep 02)