From c7068ca36462d8c8f3464e874226d3ad763564eb Mon Sep 17 00:00:00 2001
From: Jordan Doyle
Date: Sun, 25 Jun 2023 17:12:34 +0100
Subject: [PATCH] Opt for a stealthier server-id string that doesn't mention thrussh
---
 src/config.rs | 24 ++++++++++++++++++++++++
 src/main.rs | 1 +
 2 files changed, 25 insertions(+)
diff --git a/src/config.rs b/src/config.rs
index 0f848a6..753d8eb 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -30,13 +30,37 @@ impl Args {
 #[serde(rename_all = "kebab-case")]
 pub struct Config {
 /// Address for the server to listen on.
+ #[serde(default = "Config::default_listen_address")]
 pub listen_address: SocketAddr,
 /// The probability that an authentication attempt will succeed, once a given password
 /// has been accepted once - it will be accepted for the rest of the lifetime of the
 /// instance.
+ #[serde(default = "Config::default_access_probability")]
 pub access_probability: f64,
 /// Path of the file to write audit logs to.
+ #[serde(default = "Config::default_audit_output_file")]
 pub audit_output_file: PathBuf,
+ /// The server ID string sent at the beginning of the SSH connection.
+ #[serde(default = "Config::default_server_id")]
+ pub server_id: String,
+}
+
+impl Config {
+ fn default_listen_address() -> SocketAddr {
+ "0.0.0.0:22".parse().unwrap()
+ }
+
+ fn default_access_probability() -> f64 {
+ 0.2
+ }
+
+ fn default_audit_output_file() -> PathBuf {
+ "/var/log/pisshoff/audit.log".parse().unwrap()
+ }
+
+ fn default_server_id() -> String {
+ "SSH-2.0-OpenSSH_9.3".to_string()
+ }
 }
 fn load_config(path: &str) -> Result, std::io::Error> {
diff --git a/src/main.rs b/src/main.rs
index 1c45609..d53ac86 100644
--- a/src/main.rs
+++ b/src/main.rs
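Review bot: In src/config.rs the new `server_id` field accepts any string, and the src/main.rs hunk hands it to thrussh unchecked, so a value that is not a valid SSH identification string (RFC 4253 section 4.2: starts with `SSH-2.0-`, printable US-ASCII, no CR or LF, at most 255 bytes including the line ending) would presumably break every handshake and leave the audit log empty. I would reject such a value where the config is loaded (`load_config`, whose body is outside the hunk) and state the rule on the field, e.g. `/// Must start with "SSH-2.0-"; printable ASCII only, no CR/LF.` Because every field now has a default, a misspelled key such as `server_id` instead of `server-id` silently falls back to the default, including `0.0.0.0:22`, unless the struct also carries `#[serde(deny_unknown_fields)]`; the derive lines above the hunk are not visible, so this may already be covered. The constant defaults can also be built without `unwrap()`: `PathBuf::from("/var/log/pisshoff/audit.log")` and `SocketAddr::from(([0, 0, 0, 0], 22))`.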
@@ -45,6 +45,7 @@ async fn run() -> anyhow::Result<()> {
 let keys = vec![thrussh_keys::key::KeyPair::generate_ed25519().unwrap()];
 let thrussh_config = Arc::new(thrussh::server::Config {
+ server_id: args.config.server_id.to_string(),
 methods: MethodSet::PASSWORD | MethodSet::PUBLICKEY | MethodSet::KEYBOARD_INTERACTIVE,
 keys,
 auth_rejection_time: std::time::Duration::from_secs(1),
--
libgit2 1.7.2
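Review bot: The added line calls `to_string()` on a field that src/config.rs declares as `String`; `server_id: args.config.server_id.clone(),` states the copy directly. The banner is only one part of what a client observes: the algorithm lists and the host key, which the context line above generates afresh on every start, still come from thrussh, so the OpenSSH banner alone probably does not make the instance look like a stock OpenSSH server. A short comment on this field noting that limit would keep operators from over-trusting the option. The struct literal and `run()` both continue outside the hunk.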