Nmap Development mailing list archives
Re: Service fingerprint update / fix for libssh (patch)
From: David Fifield <david () bamsoftware com>
Date: Thu, 18 Oct 2018 09:05:24 -0600
On Tue, Oct 16, 2018 at 11:38:50PM +0000, Brandon Enright via dev wrote:
It seems some versions of libssh use an underscore as the separator character for the version like so: SF:L,16,"SSH-2\.0-libssh_0\.7\.5\r\n"); Attached is a patch that allows both an underscore and hyphen so that the fingerprint matches more versions.
Looks right to me. https://git.libssh.org/projects/libssh.git/tree/include/libssh/priv.h?id=60037f327540f9ff2255cb6cc6bba78ea1f066b9#n159 #ifndef CLIENT_BANNER_SSH2 #define CLIENT_BANNER_SSH2 "SSH-2.0-libssh_" SSH_STRINGIFY(LIBSSH_VERSION) #endif /* CLIENT_BANNER_SSH2 */ It's called "CLIENT"_BANNER_SSH2 but it's also sent by the server code. It switched from hyphen to underscore in 2016 (released 2017 in version 0.7.4). https://git.libssh.org/projects/libssh.git/commit/?id=b5ce15eefa5b3e949d71a640cf03a0c0f42805ae #ifndef CLIENTBANNER1 -#define CLIENTBANNER1 "SSH-1.5-libssh-" SSH_STRINGIFY(LIBSSH_VERSION) +#define CLIENTBANNER1 "SSH-1.5-libssh_" SSH_STRINGIFY(LIBSSH_VERSION) #endif #ifndef CLIENTBANNER2 -#define CLIENTBANNER2 "SSH-2.0-libssh-" SSH_STRINGIFY(LIBSSH_VERSION) +#define CLIENTBANNER2 "SSH-2.0-libssh_" SSH_STRINGIFY(LIBSSH_VERSION) #endif _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Service fingerprint update / fix for libssh (patch) Brandon Enright via dev (Oct 17)
- Re: Service fingerprint update / fix for libssh (patch) David Fifield (Oct 18)
- Re: Service fingerprint update / fix for libssh (patch) Fyodor (Oct 23)