Nmap Development mailing list archives

Openssh version detect may be inaccurate


From: kid dragon <idragonkid () gmail com>
Date: Mon, 22 Jun 2015 11:16:42 +0800

Dear all,

I found that a match string for OpenSSH may be inaccurate.

The original banner is ```SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n```

Nmap detects the version of this banner as `6.6.1p1 Ubuntu 2ubuntu2`. But I
think this version may be `6.6.1p1-2ubuntu2`, because I get the version
like this (although not definitely) from [1] rather than `6.6.1p1 Ubuntu
2ubuntu2`.

The nmap-service-probes match string is:
```
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2 Ubuntu $3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
```

But I think the match string above may be:
```
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2-$3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
```

Is it right?

[1] https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
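
To check what the two `v/` templates in the message above produce for the quoted banner, the following added example (not part of the original post and not Nmap's own code) applies the posted regex and substitutes plain `$N` references only. The names `render`, `compare`, `CURRENT_V`, `PROPOSED_V` and the two extra sample banners are assumptions constructed for illustration.

```python
import re

# Regex copied from the match line quoted in the post. Nmap compiles it with
# PCRE; this expression behaves the same under Python's re on bytes.
# Note that [ -_] is a range (0x20 through 0x5F), not three literal characters.
PATTERN = re.compile(
    rb"^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n"
)

CURRENT_V = "$2 Ubuntu $3"          # v/ field in the existing match line
PROPOSED_V = "$2-$3"                # v/ field proposed in the post
CPE = "cpe:/a:openbsd:openssh:$2/"  # uses only $2, so the proposal leaves it unchanged

# Banner from the post, written as raw bytes.
BANNER = b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"


def render(banner: bytes, template: str):
    """Return template with $N replaced by capture group N, or None if no match."""
    m = PATTERN.match(banner)
    if m is None:
        return None

    def group_text(ref):
        n = int(ref.group(1))
        if n > PATTERN.groups:
            raise ValueError(f"template references missing group ${n}")
        return m.group(n).decode("ascii", "replace")

    return re.sub(r"\$(\d)", group_text, template)


def compare(banner: bytes):
    """Render both version templates and the CPE for one banner."""
    return {
        "current": render(banner, CURRENT_V),
        "proposed": render(banner, PROPOSED_V),
        "cpe": render(banner, CPE),
    }


if __name__ == "__main__":
    samples = [
        BANNER,
        b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu:2ubuntu2\r\n",  # constructed: ':' falls inside [ -_]
        b"SSH-2.0-OpenSSH_6.6.1p1 Debian-4\r\n",         # constructed: must not match
    ]
    for s in samples:
        print(s, "->", compare(s))
```

Because `[ -_]` is a character range, the second constructed banner also matches and renders the same version string as the real one.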
