The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSH Version Upgrade

Discussion in 'General Discussion' started by handsonhosting, Oct 23, 2007.

  1. handsonhosting

    handsonhosting Well-Known Member

    Joined:
    Feb 17, 2002
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Omaha, NE
    cPanel Access Level:
    Root Administrator
    Hi guys,

    Been scanning the forums on how to do this, but there's no info.

    Basically the issue is that a number of our servers have verison 3.9pl of openssh installed on them. This is no longer PCI Compliant and thus we need to upgrade.

    The new version released by OpenSSH is 4.7/4.7pl

    I tried doing a "yum update openssh-server" and there's nothing available to update.

    I didnt' see a way within the cPanel to upgrade this software, and even using just the regular RPM install inside cPanel also fails to pull the latest version.

    -----
    Setting up Install Process
    Setting up repositories
    Reading repository metadata in from local files
    Excluding Packages in global exclude list
    Finished
    Parsing package install arguments
    Nothing to do
    Install Complete
    -----

    Anyone have any suggestions on upgrading this software?
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Not PCI compliant? So it must have the latest version number to be PCI Compliant? 3.9 that comes with CentOS 4.5 (with updates) for instance is not full of security holes or anything. Most distro maintainers backport security patches.

    You're correct - there is no way to just 'easily' update it. I'm not sure what ships with even the latest version of your distribution, but it probably isn't 4.7. In order to get absolutely the latest greatest you're likely going to have to compile/install it yourself.

    Mike




     
  3. handsonhosting

    handsonhosting Well-Known Member

    Joined:
    Feb 17, 2002
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Omaha, NE
    cPanel Access Level:
    Root Administrator
    Yeah, ScanAlert is now marking the OpenSSH versions 3.9 as out of date and then marking the accounts as non PCI Compliant. It's a simliar issue with the OpenSSL software. I know there's updates going on in the background and the version nubmer is not changing, but unforutnatly they're only scanning the verion numbers :(

    I'd already relayed to the client that it is up to date according to the latest YUM archives available for updates and that they're back-upgraded even though the version number didn't change.

    Just wondering if anyone else had any similar situations. No biggie - ScanAlert has an option to OVERRIDE their check and say the file is up to date, but it's somewhat alarming when we have our clients come into chat freaking out that ScanAlert tells them we're out of date in a HUGE way :)

    Oh well. Thanks for the comments. Much appreciated.
     
Loading...

Share This Page