Linux ssh Hide OpenSSH Version Banner

Hide OpenSSH Version Banner

Here is a quick and dirty method for hiding some of the banner information advertised by OpenSSH[1]. This article focuses on how to use hexedit[2] to update your sshd binary to reduce information leakage.

Hiding the version information from OpenSSH is not supported by configuration[3]. This may have been added in some versions[4] and could be achieved by compiling your own version from source or switching to port knocking – these approaches are not covered. Be aware that this is only a temporary change to obfuscate what you are running and the following change will revert whenever OpenSSH is updated.


SSH Servers such as OpenSSH advertise information such as protocol support, build version and host operating system. For example:

$ nc example.local 22
 SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u2

Would be attackers scan the internet[5] and create large databases to search for servers running software with known vulnerabilities[6]. While this may have somewhat legitimate uses such as research into market share of SSH servers or for system admins monitoring their network for machines requiring patches; its generally not a good idea to give away such information freely to the Internet.

You can also use telnet or nmap to snoop on the same information e.g:

$ nmap -A -T4 -p 22 example.local

Starting Nmap 7.60 ( ) 
Nmap scan report for example.local (
Host is up (0.0044s latency).
rDNS record for

22/tcp open ssh (protocol 2.0)
| fingerprint-strings:
|_ SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u2
$ telnet example 22
Trying ::1...
Connected to example.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u2

Removing the Banner

Warning: Doing this while connected via SSH is risky as you can lock yourself out. If you are, set up a way to recover the original binary (i.e. set up another way to connect to the machine or a cron job to restore a copy of the original).

These steps use the hexedit[2] tool which is light weight and should be in your package manager. The goal is to write over the existing version string with text of your choice. The instructions are written for Debian / Systemd from steps followed on a Raspberri Pi running Raspbian.

  1. Check the current banner:
    $ echo "Hello" | nc localhost 22
    SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u2
    Protocol mismatch.

    In this case, the part of the banner we want to hide is “OpenSSH_7.4p1 Raspbian-10+deb9u2” which is broadcasting the versions of my SSH server and operating system. Hiding the protocol is a bit harder and not covered here.
    We can see this in the binary too:

    $ strings /usr/sbin/sshd | grep Rasp
    OpenSSH_7.4p1 Raspbian-10+deb9u2
  2. Escalate to a root session:
    $ sudo su
  3. Install hexedit:
    # apt-get update && apt-get install hexedit
  4. Back up your sshd binary and create an editable working copy (as root):
    # cp /usr/sbin/sshd /tmp/sshd.backup
    # cp /tmp/sshd.backup /tmp/
  5. Update the binary with hexedit:
    # hexedit /tmp/

    Press TAB to switch from the HEX are to the ASCII area
    Use CTRL+S to bring up the search prompt and search for the text in your banner than you want to hide e.g. ‘OpenSSH_7.4’. You should see something like:

    0007DA54   61 67 65 6E  74 00 00 00  4F 70 65 6E  agent...Open
    0007DA60   53 53 48 5F  37 2E 34 70  31 20 52 61  SSH_7.4p1 Ra
    0007DA6C   73 70 62 69  61 6E 2D 31  30 2B 64 65  spbian-10+de
    0007DA78   62 39 75 32  00 00 00 00  4F 70 65 6E  b9u2....Open

    Use the arrow keys to highlight the start of the string that you want to update and type your replacement. Be careful to stay within the bounds of the length of the original banner. You can also press TAB to switch back to the HEX area if you wanted to just null out the string setting each word to ’00’.
    Your change should look something like:

    0007DA54   61 67 65 6E  74 00 00 00  48 65 72 65  agent...Here
    0007DA60   20 62 65 20  64 72 61 67  6F 6E 73 2E   be dragons.
    0007DA6C   20 54 75 72  6E 20 42 61  63 6B 00 00   Turn Back..
    0007DA78   00 00 00 00  00 00 00 00  4F 70 65 6E  ........Open

    Save your changes with CTRL+x and a Y.

  6. Check if there are any instances that we missed (we expect no output now):
    # strings /tmp/ | grep Rasp
  7. Update sshd and restart the service for good measure:
    # rm /usr/sbin/sshd
    # cp /tmp/ /usr/sbin/sshd
    # systemctl restart ssh.service
  8. Check that you can still SSH in (otherwise restore the backup or reinstall OpenSSH from your package manager!):
    # ssh user@localhost

This change will only be temporary as any time you update OpenSSH, the binary will be replaced.


The process above will result in something like the following:

$ nc localhost 22
SSH-2.0-Here be dragons. Turn Back

Where before this would be along the lines of:

$ nc localhost 22 
SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u2

Which makes the version you are running just a little bit more obscure and and also adds bit of fun.


(last checked 2018-01-06)

4.8 (5)
Article Rating (5 Votes)
Rate this article
There are no attachments for this article.
Comments (1)
Comment By Intercepta - Wed, Feb 3rd, 2021 12:28 PM
Hi, it's a bad idea to hide the ssh-version by a patch of the biniaries. There are clients out there, who need to determine the ssh-version to offer the right ciphers. And what about updates? Better hide the os-version by using: sshd_config: DebianBanner no Cheers Intercepta
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Linux - How to get network speed and statistic of ethernet adapter in Linux
Viewed 1872 times since Fri, Jun 8, 2018
How to Clear RAM Memory Cache, Buffer and Swap Space on Linux
Viewed 2096 times since Mon, Nov 23, 2020
Linux Find Large Files
Viewed 2634 times since Mon, Oct 29, 2018
RHCS6: Clustered LVM
Viewed 1962 times since Sun, Jun 3, 2018
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 2259 times since Sat, Jun 2, 2018
How to deal with dmesg timestamps
Viewed 2996 times since Wed, Oct 3, 2018
RHEL: Manually encrypting a filesystem with LUKS
Viewed 3496 times since Sun, May 27, 2018
Viewed 8852 times since Fri, Jul 27, 2018
python learning
Viewed 1640 times since Wed, Dec 18, 2019
Linux - How to get CPU information
Viewed 1945 times since Fri, Jun 8, 2018