While the SSH protocol requires sshd to broadcast its exact OpenSSH version number, you can opt to disable broadcasting of the ‘Debian’ suffix that is added by default.
By default your server provides something like this to the world:
OpenSSH 5.2p1 Debian 7ubuntu3.5 (protocol 2.0)
I’ll show you how to change that and remove the distribution information!
Side note: This option was only introduced in Debian as of openssh 5.2p-1-2 (2009). Ironically, in classic Debian drama style, it was first brought up in 2002, but was not added at the time because people said it was not a security concern.
From man sshd_config:
DebianBanner
    Specifies whether the distribution-specified extra version suffix is included during initial protocol handshake. The default is ``yes''.
1. Edit this file:
$ sudo nano /etc/ssh/sshd_config
2. Enter the following line:
DebianBanner no
3. Save the config file and restart ssh
Control+X, Y to save in nano
$ sudo /etc/init.d/ssh restart
You can test the banner with nmap:
$ sudo nmap -A -T4 -p 22 example.com
Before the change:
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.2p1 Debian 7ubuntu3.5 (protocol 2.0)
After the change:
22/tcp open  ssh     OpenSSH 5.2p1 (protocol 2.0)
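
An added example, not part of the original post: a POSIX shell check of both the DebianBanner setting in a config file and the raw SSH identification string the server sends. The function names and the two sample banners are constructed for illustration; the samples assume the suffix travels in the comments field after the first space, modelled on the version shown above.

```shell
#!/bin/sh
# Added example: audit the DebianBanner setting and the identification string.

# Effective DebianBanner value in a config file. Keywords are case-insensitive,
# sshd uses the first value it reads for a keyword, and the man page default
# is "yes" when the keyword is absent. Commented-out lines do not count.
debian_banner_setting() {   # usage: debian_banner_setting CONFIG_FILE
    value=$(awk 'tolower($1) == "debianbanner" { print tolower($2); exit }' "$1")
    echo "${value:-yes}"
}

# Comments field of an identification string, "SSH-2.0-software SP comments".
# Empty output means the server sends no comments, so no distribution suffix.
banner_comment() {          # usage: banner_comment BANNER
    banner=$(printf '%s' "$1" | tr -d '\r\n')
    case $banner in
        SSH-*' '*) printf '%s\n' "${banner#* }" ;;
        *) printf '\n' ;;
    esac
}

# Exit status 0 only when the config disables the suffix AND the banner that
# was actually observed carries none (catches a forgotten restart).
suffix_hidden() {           # usage: suffix_hidden CONFIG_FILE BANNER
    [ "$(debian_banner_setting "$1")" = "no" ] && [ -z "$(banner_comment "$2")" ]
}

# Constructed sample banners (assumed wire form of the strings nmap reported).
BEFORE='SSH-2.0-OpenSSH_5.2p1 Debian-7ubuntu3.5'
AFTER='SSH-2.0-OpenSSH_5.2p1'

for b in "$BEFORE" "$AFTER"; do
    printf '%s -> comments: "%s"\n' "$b" "$(banner_comment "$b")"
done
```

On a real server, pass /etc/ssh/sshd_config and the first line the server sends on port 22 to suffix_hidden.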