Hi! I’m using thrussh to create an SSH server honeypot. Among the configuration options, the user can specify the server_id (which is basically what nmap and most of the tools use to fingerprint the SSH server). The problem is that some banners are terminated by a single “\n”, while others are terminated by “\r\n”, but the library hardcodes the latter here https://nest.pijul.com/pijul/thrussh:main/7FRJYUI62VW24.FSDAE
If someone passes a banner like “something\n”, that breaks the protocol because “\r\n” is added anyway. You can find more details about this issue here https://github.com/evilsocket/medusa/issues/3
I suggest to add the server_id termination bytes as a configurable option (default to “\r\n”). Let me know if you prefer to do the changes yourself or you’d prefer me sending a PR ^_^
Hi! Welcome here!
What would you think of a solution where if the
&[u8] already ends with
\n, we just print it, otherwise we add
I don’t mind doing the changes, if it’s your first time using Pijul, installing it will take way more time than writing a tiny patch like this one. Just tell me.