You can put your own ASCII-based welcome message into:
/etc/issue.net; # originally used for pre-login telnet messages
make sure to uncomment the #Banner line in:
vim /etc/ssh/sshd_config
Banner /etc/issue.net
and restart the ssh service:
/etc/init.d/ssh restart; # restart ssh service
relogin and test.
exit; # logoff
you could put a cool ASCII-generated logo like:
[ASCII-art logo, garbled by extraction] please do not misuse this server! rather unite mankind!
for security reasons, you probably do not want to disclose what version of SSH and distro you are running…
# it seems like hiding the ssh version number is not possible
# but you can hide your distro-version
telnet dwaves.de 22
Trying 126.96.36.199...
Connected to dwaves.de.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
echo "DebianBanner no" >> /etc/ssh/sshd_config; service sshd restart
# connect again after the restart:
Escape character is '^]'.
SSH-2.0-OpenSSH_6.7p1
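Both steps above (uncommenting the Banner line, appending DebianBanner) edit sshd_config by hand; appending with `>>` duplicates a directive if you run it twice, and sshd uses the first occurrence of a keyword. The script below is an added example, not from the original post, that sets a directive idempotently: it replaces an existing (even commented-out) line or appends one if absent. It assumes a config path passed as the first argument and works on a constructed sample file, not a live server.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently set one sshd_config
# directive. Assumption: a commented-out "#Key value" line counts as present and
# is replaced rather than duplicated.

set_sshd_option() {
    cfg="$1"; key="$2"; value="$3"
    tmp="$cfg.tmp.$$"
    awk -v key="$key" -v value="$value" '
        # match "Key", "#Key" or "# Key" at line start; keywords are
        # case-insensitive for sshd, so compare lowercased
        (tolower($0) ~ ("^[[:space:]]*#?[[:space:]]*" tolower(key) "([[:space:]]|$)")) {
            if (!done) { print key " " value; done = 1 }
            next                       # drop duplicates / the commented form
        }
        { print }
        END { if (!done) print key " " value }   # not present: append
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Returns the effective value of a directive (first match wins, like sshd).
get_sshd_option() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Constructed sample config (not a real server's file) covering both cases.
CFG="${TMPDIR:-/tmp}/sshd_config.example.$$"
printf '%s\n' 'Port 22' '#Banner none' 'PermitRootLogin no' > "$CFG"

set_sshd_option "$CFG" Banner /etc/issue.net   # replaces the commented-out line
set_sshd_option "$CFG" DebianBanner no         # not present yet: appended once
set_sshd_option "$CFG" DebianBanner no         # second run changes nothing

# On a real host run "sshd -t" against the file before restarting the service.
cat "$CFG"
```

Running the same command twice leaves exactly one `Banner` and one `DebianBanner` line, which is what you want before a restart; a stray duplicate is harmless for these two keys but silently ignored for others, which is how a "fix" in sshd_config ends up never taking effect.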
I don’t like this: it’s announcing the protocol and specific software package and version to the world, so the nasty hackers will know just what attacks to try. Can I turn this off?
Only partially, and it may not be worth the trouble. The version announcement is part of the SSH protocol. Each side sends a string of the form:
The protocol version is mandatory; it is necessary to allow different versions to interoperate. The comment field is optional, and you can remove it (though you will have to edit the source and recompile, or patch the image; none of the common servers have options to alter the comment).
However, if you do this, you may cause yourself some grief. Many SSH clients use the comment string to recognize particular servers and work around bugs and incompatibilities, so you may find other problems cropping up as a result.
knock, knock – who’s there?
Port knocking is a simple technique to hide services that are running on your server (except from someone who can monitor all your traffic, and who might simply record the order in which the ports were knocked).
Here is a good implementation: http://www.zeroflux.org/projects/knock
„knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP) interface, looking for special „knock“ sequences of port-hits.
A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.
This port need not be open — since knockd listens at the link-layer level, it sees all traffic even if it’s destined for a closed port.
When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file.
This can be used to open up holes in a firewall for quick access.“
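To make the "detects a specific sequence of port-hits" part concrete, here is an added example, not knockd's own code, that models its matching rule in awk: each source IP must hit the configured ports in order, each hit within the timeout of the previous one, and a wrong port restarts matching. The input lines ("epoch-seconds source-ip destination-port") are constructed for the example, not a real capture, and the sequence 7000,8000,9000 is the one from knockd's documentation, assumed here as a placeholder rather than a recommendation.

```shell
#!/bin/sh
# Added example (not knockd's code): a minimal model of port-knock sequence
# matching, to show what the daemon does with the port-hits it sees.
KNOCK_SEQUENCE="7000,8000,9000"   # placeholder sequence, as in knockd's docs
KNOCK_TIMEOUT=5                   # seconds allowed between consecutive hits

# Constructed sample hits: "<epoch-seconds> <src-ip> <dst-port>" (not real traffic)
SAMPLE_HITS='100 203.0.113.10 7000
101 203.0.113.10 8000
102 203.0.113.10 9000
110 203.0.113.20 7000
120 203.0.113.20 8000
121 203.0.113.20 9000
130 203.0.113.30 7000
131 203.0.113.30 9000
132 203.0.113.30 8000'

# Reads hit lines on stdin; prints "OPEN <ip>" for every source that completes
# the whole sequence, in order, within the timeout. Only .10 qualifies above:
# .20 is too slow between knocks 1 and 2, .30 knocks in the wrong order.
detect_knocks() {
    awk -v seq="$KNOCK_SEQUENCE" -v timeout="$KNOCK_TIMEOUT" '
    BEGIN { n = split(seq, want, ",") }
    {
        ts = $1; ip = $2; port = $3
        # a hit arriving too late discards the progress made so far
        if ((ip in stage) && ts - last[ip] > timeout) { stage[ip] = 0 }
        expected = want[stage[ip] + 1]
        if (port == expected) {
            stage[ip]++; last[ip] = ts
            if (stage[ip] == n) { print "OPEN " ip; stage[ip] = 0 }
        } else {
            # wrong port: start over (the hit itself may be a fresh first knock)
            stage[ip] = (port == want[1]) ? 1 : 0; last[ip] = ts
        }
    }'
}

printf '%s\n' "$SAMPLE_HITS" | detect_knocks
```

The same logic is what makes the caveat above bite: anyone who can see these hit lines (a sniffer on the path, or flow logs) learns the sequence just as easily as the daemon does, so port knocking hides a service from scanners, not from an observer of your traffic.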