Scott Galambos

Well-Known Member
Jul 13, 2016
86
3
8
Canada
cPanel Access Level
Root Administrator
I thought cPanel/WHM automatically upgraded SSH too? I see one of my servers is running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017". How does this get updated? Should it be updated?
 

Scott Galambos

When I check for the latest version, it's the same as I'm running. But the OpenSSH web site is at v 8.2. Makes me concerned.

Code:
yum info openssh-server
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4: 104.254.183.20
 * cpanel-addons-production-feed: 104.254.183.20
 * cpanel-plugins: 104.254.183.20
 * base: less.cogeco.net
 * epel: ftp.cse.buffalo.edu
 * extras: less.cogeco.net
 * updates: centos.mirror.iweb.ca
Installed Packages
Name        : openssh-server
Arch        : x86_64
Version     : 7.4p1
Release     : 21.el7
Size        : 970 k
Repo        : installed
From repo   : base
Summary     : An open source SSH server daemon
URL         : http://www.openssh.com/portable.html
License     : BSD
Description : OpenSSH is a free version of SSH (Secure SHell), a program for logging
            : into and executing commands on a remote machine. This package contains
            : the secure shell daemon (sshd). The sshd daemon allows SSH clients to
            : securely connect to your SSH server.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
The version of OpenSSH used is the version supplied by the operating system. While there may be a higher version available through the software creator directly, it is not offered through the OS, so you wouldn't have the update available.

The highest version available on the CentOS Base repo is:
Code:
Name        : openssh
Arch        : x86_64
Version     : 7.4p1
Release     : 21.el7
Size        : 1.9 M
Repo        : installed
From repo   : base
Summary     : An open source implementation of SSH protocol versions 1 and 2
URL         : http://www.openssh.com/portable.html
License     : BSD
Description : SSH (Secure SHell) is a program for logging into and executing
            : commands on a remote machine. SSH is intended to replace rlogin and
            : rsh, and to provide secure encrypted communications between two
            : untrusted hosts over an insecure network. X11 connections and
            : arbitrary TCP/IP ports can also be forwarded over the secure channel.
            :
            : OpenSSH is OpenBSD's version of the last free version of SSH, bringing
            : it up to date in terms of security and features.
            :
            : This package includes the core files necessary for both the OpenSSH
            : client and server. To make this package useful, you should also
            : install openssh-clients, openssh-server, or both.
 

cPanelLauren

They don't support it; further specifics on that would have to be addressed by CentOS - my personal opinion is it probably has a lot to do with why they offer what they offer for most system packages - the overhead of updating past what was stable would inevitably cause issues.
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
436
104
343
cPanel Access Level
DataCenter Provider
You also can't totally trust the version number of SSH on Red Hat/CentOS systems. They backport the CVEs, but don't change the version number. If you want to see what CVEs are applied on your system, try one of these:

Code:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE
rpm -q --changelog {package-name} | grep CVE-NUMBER
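
An added example, not part of any post in this thread and not cPanel or CentOS tooling: a small POSIX shell helper that turns the changelog check described above into a per-CVE audit with exact ID matching. The function names, the sample changelog and the `CVE-0000-…` IDs are constructed placeholders.

```shell
#!/bin/sh
# Audit an RPM changelog for backported CVE fixes.
# Changelog text is read from stdin, so the logic also works offline.
# On a real host (assumed usage):
#   rpm -q --changelog openssh-server | list_cves
#   rpm -q --changelog openssh-server | check_cves CVE-NUMBER [CVE-NUMBER...]

# Print every distinct CVE ID mentioned in the changelog on stdin.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | LC_ALL=C sort -u
}

# check_cves ID...  Prints "<id> listed" or "<id> not-listed" for each ID
# and returns 1 if any ID is absent. "not-listed" only means the changelog
# does not mention the ID: the package may be unaffected or still unpatched,
# so follow up with the vendor's advisory for that CVE.
check_cves() (
    log=$(cat)      # slurp stdin once so it can be searched per ID
    rc=0
    for id in "$@"; do
        # -F: literal string, -w: whole word, so a short ID cannot
        # match as a prefix of a longer one.
        if printf '%s\n' "$log" | grep -qwF -- "$id"; then
            echo "$id listed"
        else
            echo "$id not-listed"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample in `rpm -q --changelog` layout (placeholder IDs).
sample_changelog() {
    cat <<'EOF'
* Tue Jan 01 2019 Example Packager <packager@example.invalid> - 0.0-2
- Fix for CVE-0000-11111 (#0000001)
- Fix regression in CVE-0000-11111 patch
* Mon Jan 01 2018 Example Packager <packager@example.invalid> - 0.0-1
- Backport fixes for CVE-0000-22222, CVE-0000-22223
EOF
}
```

The non-zero return from `check_cves` makes it usable as a gate in a patch-compliance script across several servers.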