SSH upgrade?
I thought cPanel/WHM automatically upgraded SSH too? I see one of my servers is running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017". How does this get updated? Should it be updated?
When I check for the latest version it's the same as I'm running. But the openssh web site is at v 8.2. Makes me concerned.

    yum info openssh-server
    Loaded plugins: fastestmirror, universal-hooks
    Loading mirror speeds from cached hostfile
     * EA4: 104.254.183.20
     * cpanel-addons-production-feed: 104.254.183.20
     * cpanel-plugins: 104.254.183.20
     * base: less.cogeco.net
     * epel: ftp.cse.buffalo.edu
     * extras: less.cogeco.net
     * updates: centos.mirror.iweb.ca
    Installed Packages
    Name        : openssh-server
    Arch        : x86_64
    Version     : 7.4p1
    Release     : 21.el7
    Size        : 970 k
    Repo        : installed
    From repo   : base
    Summary     : An open source SSH server daemon
    URL         : http://www.openssh.com/portable.html
    License     : BSD
    Description : OpenSSH is a free version of SSH (Secure SHell), a program for logging
                : into and executing commands on a remote machine. This package contains
                : the secure shell daemon (sshd). The sshd daemon allows SSH clients to
                : securely connect to your SSH server.
The version of OpenSSH used is the version supplied by the operating system. While there may be a higher version available through the software creator directly, it is not offered through the OS, so you wouldn't have the update available. The highest version available on the CentOS Base repo is:

    Name        : openssh
    Arch        : x86_64
    Version     : 7.4p1
    Release     : 21.el7
    Size        : 1.9 M
    Repo        : installed
    From repo   : base
    Summary     : An open source implementation of SSH protocol versions 1 and 2
    URL         : http://www.openssh.com/portable.html
    License     : BSD
    Description : SSH (Secure SHell) is a program for logging into and executing
                : commands on a remote machine. SSH is intended to replace rlogin and
                : rsh, and to provide secure encrypted communications between two
                : untrusted hosts over an insecure network. X11 connections and
                : arbitrary TCP/IP ports can also be forwarded over the secure channel.
                :
                : OpenSSH is OpenBSD's version of the last free version of SSH, bringing
                : it up to date in terms of security and features.
                :
                : This package includes the core files necessary for both the OpenSSH
                : client and server. To make this package useful, you should also
                : install openssh-clients, openssh-server, or both.
Why is the one in the repo so old?
They don't support it, specifics on that further would have to be addressed by CentOS - my personal opinion is it probably has to do a lot with why they offer what they offer for most system packages - the overhead of updating past what was stable would inevitably cause issues.
You also can't totally trust the version number of SSH on Red Hat/CentOS systems. They backport the CVEs, but don't change the version number. If you want to see what CVEs are applied on your system, try one of these:

    rpm -q --changelog {package-name}
    rpm -q --changelog {package-name} | more
    rpm -q --changelog {package-name} | grep CVE
    rpm -q --changelog {package-name} | grep CVE-NUMBER
Well, the version number is trustworthy - you're using that version but with the patches - that's pretty common practice.
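
Added example (not part of the thread, and not cPanel or CentOS code): a shell helper built on the rpm -q --changelog commands quoted above. It lists the unique CVE IDs a package changelog mentions and tests for one exact ID, because a plain grep for a CVE number also matches longer IDs that share the same prefix. The function names and the sample changelog are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit which CVE fixes a distro package changelog records.
# All function names and the sample data below are constructed.

# Read changelog text on stdin, print each CVE ID once, sorted.
extract_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Return 0 only if the exact CVE ID in $1 is recorded in the changelog
# on stdin. Matching whole extracted IDs (-x) with a fixed string (-F)
# avoids the substring hit that "grep CVE-2099-1000" would get on
# "CVE-2099-10001".
has_cve() {
    extract_cves | grep -qxF -- "$1"
}

# Live use on an RPM-based host: list CVE IDs recorded for a package.
pkg_cves() {
    rpm -q --changelog "$1" | extract_cves
}

# Constructed changelog in the layout "rpm -q --changelog" prints.
# The CVE IDs, names and bug numbers are placeholders, not real entries.
sample_changelog() {
    cat <<'EOF'
* Thu Jan 01 2099 Example Maintainer <maint@example.invalid> - 0.0-2
- Fix for CVE-2099-10001 (#0000001)

* Wed Jan 01 2098 Example Maintainer <maint@example.invalid> - 0.0-1
- Backport fixes for CVE-2098-1234 and CVE-2098-5678
- Follow-up hardening for CVE-2098-1234
EOF
}

# Show the helper on the constructed sample.
sample_changelog | extract_cves
```

On a real host, run pkg_cves openssh-server, or pipe rpm -q --changelog openssh-server into has_cve with the CVE ID you are checking.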