Nmap Development mailing list archives

Openssh version detect may be inaccurate


From: kid dragon <idragonkid () gmail com>
Date: Wed, 10 Jun 2015 12:02:06 +0800

Dear all,


I found that a match string for OpenSSH may be inaccurate.


The original banner is ```SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n```


Nmap detects the version of this banner as `6.6.1p1 Ubuntu 2ubuntu2`. But I
think this version may be `6.6.1p1-2ubuntu2`, because I get the version
like this (although not definitely) from [1] rather than `6.6.1p1 Ubuntu
2ubuntu2`.


The nmap-service-probes match string is:

```
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2 Ubuntu $3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
```


But I think the match string above may be:

```
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2-$3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
```


Is it right?


[1] https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
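
The following is an added example, not part of the original message and not Nmap's own code: it applies the quoted match pattern to the banner and expands the current and the proposed `v/` templates so the two outputs can be compared. The `expand` and `version_info` helpers are hypothetical and handle only plain `$N` substitution, a simplification of Nmap's template handling.

```python
import re

# Pattern copied from the nmap-service-probes match line quoted in the message.
PATTERN = re.compile(
    r"^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n"
)

# Banner from the message, with the mail transfer encoding decoded.
BANNER = "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"

CURRENT_V = "$2 Ubuntu $3"   # v/ template in the existing match line
PROPOSED_V = "$2-$3"         # v/ template suggested in the message


def expand(template, match):
    """Replace $1..$9 in a template with the corresponding capture group."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def version_info(banner, v_template):
    """Return the expanded v/, i/ and OpenSSH cpe fields, or None on no match."""
    match = PATTERN.search(banner)
    if match is None:
        return None
    return {
        "v": expand(v_template, match),
        "i": expand("Ubuntu Linux; protocol $1", match),
        "cpe": expand("cpe:/a:openbsd:openssh:$2", match),
    }


if __name__ == "__main__":
    for label, template in (("current", CURRENT_V), ("proposed", PROPOSED_V)):
        print(label, version_info(BANNER, template))
```

Only the `v/` field differs between the two templates; the OpenSSH CPE is built from `$2` alone and is the same in both.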
