[BlueOnyx:20931] Re: OpenSSH and PCI on 5208R
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Thu Apr 20 10:10:53 -05 2017
Hi Jim,
> Going out on a limb, is there a remote chance of getting openssh 7.4 on
> this server that is still running 5208R, or would the only way to get to
> that version be doing a full update to 5209R? I'm trying to avoid that.
Highly unlikely. That's going to involve ripping out the SSH from
CentOS, and upstream Redhat, and then building one in (and keeping it
maintained) just for BlueOnyx. The scale of that work compared with
the benefiting audience just isn't going to work out in our favor.
One option you may have (which has been successful for us in the past)
would be to lock down SSH. Just make it unavailable. Ideally, you can
turn it off via the GUI for anytime other than when you specifically
require its use. Or use some firewall rules or hosts.deny ACL to
narrow the scope of allowed IPs. The theory goes that what is
unavailable for scanning is unable to fail. Or spun another way, the
safest SSH is no SSH at all.
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
More information about the Blueonyx
mailing list