I thought cPanel/WHM automatically upgraded SSH too? I see one of my servers is running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017". How does this get updated? Should it be updated?
When I check for the latest version its the same as I'm running. But the openssh web site is at v 8.2. makes me concerned.
Code:
yum info openssh-server
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 104.254.183.20
* cpanel-addons-production-feed: 104.254.183.20
* cpanel-plugins: 104.254.183.20
* base: less.cogeco.net
* epel: ftp.cse.buffalo.edu
* extras: less.cogeco.net
* updates: centos.mirror.iweb.ca
Installed Packages
Name : openssh-server
Arch : x86_64
Version : 7.4p1
Release : 21.el7
Size : 970 k
Repo : installed
From repo : base
Summary : An open source SSH server daemon
URL : http://www.openssh.com/portable.html
License : BSD
Description : OpenSSH is a free version of SSH (Secure SHell), a program for logging
: into and executing commands on a remote machine. This package contains
: the secure shell daemon (sshd). The sshd daemon allows SSH clients to
: securely connect to your SSH server.
The version of OpenSSH used is the version supplied by the operating system. While there may be a higher version available through the software creator directly it is not offered through the OS so you wouldn't have the updated available.
The highest version available on the CentOS Base repo is:
The highest version available on the CentOS Base repo is:
Code:
Name : openssh
Arch : x86_64
Version : 7.4p1
Release : 21.el7
Size : 1.9 M
Repo : installed
From repo : base
Summary : An open source implementation of SSH protocol versions 1 and 2
URL : http://www.openssh.com/portable.html
License : BSD
Description : SSH (Secure SHell) is a program for logging into and executing
: commands on a remote machine. SSH is intended to replace rlogin and
: rsh, and to provide secure encrypted communications between two
: untrusted hosts over an insecure network. X11 connections and
: arbitrary TCP/IP ports can also be forwarded over the secure channel.
:
: OpenSSH is OpenBSD's version of the last free version of SSH, bringing
: it up to date in terms of security and features.
:
: This package includes the core files necessary for both the OpenSSH
: client and server. To make this package useful, you should also
: install openssh-clients, openssh-server, or both.They don't support it, specifics on that further would have to be addressed by CentOS - my personal opinion is it probably has to do a lot with why they offer what they offer for most system packages - the overhead of updating past what was stable would inevitably cause issues.
You also can't totally trust the version number of SSH on Red Hat/CentOS sytems. They backport the CVE's, but don't change the version number. If you want to see what CVE's are applied on your system, try one of these:
Code:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE
rpm -q --changelog {package-name} | grep CVE-NUMBERWell, the version number is trustworthy - you're using that version but with the patches - that's pretty common practice.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| L | how to access whm files using ssh rescue mode | Security | 1 | |
|
is there a one liner - terminal ssh command to get the expiration date of your hostname SSL Certificate? | Security | 6 | |
| G | SSH, mysqldump > gzip timing out | Security | 9 | |
| G | No Access to WHM or SSH | Security | 5 | |
|
Upgrade SSH | Security | 3 |