From d9ba6b3b61eaf551b2e724b0d9854ffe1bf49c36 Mon Sep 17 00:00:00 2001
From: "David J. Bianco" <dbianco@splunk.com>
Date: Thu, 13 Feb 2025 13:19:21 -0500
Subject: [PATCH] Fixed server_version_string setting

The config template specified the default server version string as "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3" but the SSH module automatically prepends "SSH-2.0-" to the beginning. This gave the version string returned to the client a potential fingerprint that could be used to easily identify DECEIVE honeypots. Updated the default value and added comments to document this behavior.
---
 SSH/config.ini.TEMPLATE | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/SSH/config.ini.TEMPLATE b/SSH/config.ini.TEMPLATE
index a1b666b..16ac131 100644
--- a/SSH/config.ini.TEMPLATE
+++ b/SSH/config.ini.TEMPLATE
@@ -18,8 +18,10 @@ port = 8022
 # The host key to use for the SSH server. This should be a private key.
 # See the README for how to generate this key.
 host_priv_key = ssh_host_key
-# The server version string to send to clients.
-server_version_string = SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
+# The server version string to send to clients. The SSH server automatically 
+# prepends "SSH-2.0-" to this. So "OpenSSH_8.2p1 Ubuntu-4ubuntu0.3" will 
+# be transformed to "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3".
+server_version_string = OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
 
 # Settings to configure which LLM backend to use.  Only one stanza 
 # should be uncommented at a time.