You can put your own ascii-based-welcome message into:



/etc/; # actually used for pre-login-telnet messages

make shure to uncomment the #Banner line in:

vim /etc/ssh/sshd_config

Banner /etc/

and restart ssh service:

/etc/init.d/ssh restart; # and restart ssh service

relogin and test.

exit; # logoff

you could put a cool ascii generated logo like:

8888b.  Yb        dP    db    Yb    dP 888888 .dP"Y8
 8I  Yb  Yb  db  dP    dPYb    Yb  dP  88__   `Ybo."
 8I  dY   YbdPYbdP    dP__Yb    YbdP   88""   o.`Y8b
8888Y"     YP  YP    dP""""Yb    YP    888888 8bodP'

please do not missuse this server! rather unite mankind!

for security reasons, you probably do not want to disclose what version of SSH and distro you are running…

# it seems like hiding the ssh version number is not possible
# but you can hide your distro-version

telnet 22
Connected to
Escape character is '^]'.
SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3

echo "DebianBanner no" >> /etc/ssh/sshd_config;
service sshd restart

Escape character is '^]'.


I don’t like this it’s announcing the protocol and specific software package and version to the world, so the nasty hackers will know just what attacks to try. Can I turn this off?

Only partially, and it may not be worth the trouble. The version announcement is part of the SSH protocol. Each side sends a string of the form:

SSH-<protocol version>-<comment>

The protocol version is mandatory; it is necessary to allow different versions to interoperate. The comment field is optional, and you can remove it (though you will have to edit the source and recompile, or patch the image; none of the common servers have options to alter the comment).

However, if you do this, you may cause yourself some grief. Many SSH clients use the comment string to recognize particular servers and work around bugs and incompatibilities, so you may find other problems cropping up as a result.


knock, knock – who’s there?

simple technique to hide anything that is running on your server. (except from someone that can monitor all your TRAFFIC – and might just record the order of ports knocked.)

Here is a good implementation:

„knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP) interface, looking for special „knock“ sequences of port-hits.

A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.

This port need not be open — since knockd listens at the link-layer level, it sees all traffic even if it’s destined for a closed port.

When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file.

This can be used to open up holes in a firewall for quick access.“