From 20707ef7688bed44fec39c4673a8823211e94149 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Thu, 16 Apr 2015 16:12:49 +0200
Subject: ssh: added id_string option for server and client

For limiting Banner Grabbing attempts.
---
 lib/ssh/src/ssh.erl           |  6 ++++++
 lib/ssh/src/ssh_transport.erl | 34 ++++++++++++++++++++++++++++------
 2 files changed, 34 insertions(+), 6 deletions(-)

(limited to 'lib/ssh/src')

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 51ad691ba2..d4b02a024e 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -347,6 +347,8 @@ handle_option([parallel_login|Rest], SocketOptions, SshOptions) ->
     handle_option(Rest, SocketOptions, [handle_ssh_option({parallel_login,true}) | SshOptions]);
 handle_option([{minimal_remote_max_packet_size, _} = Opt|Rest], SocketOptions, SshOptions) ->
     handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
+handle_option([{id_string, _ID} = Opt|Rest], SocketOptions, SshOptions) ->
+    handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
 handle_option([Opt | Rest], SocketOptions, SshOptions) ->
     handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions).
 
@@ -439,6 +441,10 @@ handle_ssh_option({idle_time, Value} = Opt) when is_integer(Value), Value > 0 ->
     Opt;
 handle_ssh_option({rekey_limit, Value} = Opt) when is_integer(Value) -> 
     Opt;
+handle_ssh_option({id_string, random}) ->
+    {id_string, {random,2,5}}; %% 2 - 5 random characters
+handle_ssh_option({id_string, ID} = Opt) when is_list(ID) ->
+    Opt;
 handle_ssh_option(Opt) ->
     throw({error, {eoptions, Opt}}).
 
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 76fa776113..8669be570e 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -44,12 +44,34 @@
 
 versions(client, Options)->
     Vsn = proplists:get_value(vsn, Options, ?DEFAULT_CLIENT_VERSION),
-    Version = format_version(Vsn),
-    {Vsn, Version};
+    {Vsn, format_version(Vsn, software_version(Options))};
 versions(server, Options) ->
     Vsn = proplists:get_value(vsn, Options, ?DEFAULT_SERVER_VERSION),
-    Version = format_version(Vsn),
-    {Vsn, Version}.
+    {Vsn, format_version(Vsn, software_version(Options))}.
+
+software_version(Options) -> 
+    case proplists:get_value(id_string, Options) of
+	undefined ->
+	    "Erlang"++ssh_vsn();
+	{random,Nlo,Nup} ->
+	    random_id(Nlo,Nup);
+	ID ->
+	    ID
+    end.
+
+ssh_vsn() ->
+    try {ok,L} = application:get_all_key(ssh),
+	 proplists:get_value(vsn,L,"")
+    of 
+	"" -> "";
+	VSN when is_list(VSN) -> "/" ++ VSN;
+	_ -> ""
+    catch
+	_:_ -> ""
+    end.
+    
+random_id(Nlo, Nup) -> 
+    [crypto:rand_uniform($a,$z+1) || _<- lists:duplicate(crypto:rand_uniform(Nlo,Nup+1),x)  ].
 
 hello_version_msg(Data) ->
     [Data,"\r\n"].
@@ -77,9 +99,9 @@ is_valid_mac(Mac, Data, #ssh{recv_mac = Algorithm,
 yes_no(Ssh, Prompt)  ->
     (Ssh#ssh.io_cb):yes_no(Prompt, Ssh).
 
-format_version({Major,Minor}) ->
+format_version({Major,Minor}, SoftwareVersion) ->
     "SSH-" ++ integer_to_list(Major) ++ "." ++ 
-	integer_to_list(Minor) ++ "-Erlang".
+	integer_to_list(Minor) ++ "-" ++ SoftwareVersion.
 
 handle_hello_version(Version) ->
     try
-- 
cgit v1.2.3