Question regarding OpenSSH server on Ubuntu 16.04 LTS
Colin Law
clanlaw at gmail.com
Fri Sep 25 09:01:08 UTC 2020
On Fri, 25 Sep 2020 at 09:21, Jonathan Sélea
<jonathan.selea at instantsystems.se> wrote:
>
> Hi there,
> I noticed that the ssh-version that is being used by Ubuntu 16.04 LTS (AWS EC2 instance) is the following for some reason:
> SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
>
> Which, for me, seems strange since Ubuntu _should_ ship their own version, right?
> However, it turns out that "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2" is vulnerable to "CVE-2019-16905" (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905).
> I am unable to find a newer version in the Ubuntu repository. And our auditors say that we have to move to OpenSSH 8.1 at least. I can't see how that is possible without compiling it for myself. And since it is a machine that we only can reach over SSH, well - you see the problem :)
>
> Thankful for any advice!

What does

    apt-cache policy openssh-server

show?
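
Added example, not part of the original thread: a small shell check that compares the SSH identification string from the question with the openssh-server version that `apt-cache policy` or `dpkg-query` reports on the host. It assumes the Debian/Ubuntu packaging convention in which the banner comment is `<vendor>-<package revision>`; the function names and the `installed` sample version are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does an observed SSH banner belong to
# the openssh-server package installed on this host?

# Print "<upstream> <vendor> <revision>" for an OpenSSH identification string,
# e.g. "7.9p1 Debian 10+deb10u2". Return 1 if it is not an OpenSSH banner.
parse_banner() {
    local rest comment vendor rev
    rest=$(printf '%s' "$1" | tr -d '\r\n')     # banners end in CR LF on the wire
    case $rest in
        SSH-*-OpenSSH_*) ;;
        *) return 1 ;;
    esac
    rest=${rest#SSH-*-}                         # "OpenSSH_7.9p1 Debian-10+deb10u2"
    vendor=-; rev=-                             # "-" means no vendor comment present
    case $rest in
        *" "*-*) comment=${rest#* }
                 vendor=${comment%%-*}
                 rev=${comment#*-} ;;
    esac
    rest=${rest%% *}                            # "OpenSSH_7.9p1"
    printf '%s %s %s\n' "${rest#OpenSSH_}" "$vendor" "$rev"
}

# Compare a banner with a Debian-style package version ("1:7.9p1-10+deb10u2").
# Returns 0 on match, 1 on mismatch, 2 if the banner cannot be parsed.
banner_matches_package() {
    local parsed pkg
    parsed=$(parse_banner "$1") || return 2
    pkg=${2#*:}                                 # drop the epoch ("1:")
    [ "${parsed%% *}" = "${pkg%-*}" ] && [ "${parsed##* }" = "${pkg##*-}" ]
}

# Banner quoted in the question above.
observed='SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2'
# Constructed sample value; on a real host take it from:
#   dpkg-query -W -f='${Version}' openssh-server
installed='1:7.2p2-4ubuntu2.10'

if banner_matches_package "$observed" "$installed"; then
    echo "banner matches installed openssh-server $installed"
else
    echo "banner ($(parse_banner "$observed")) is not from openssh-server $installed"
fi
```

A mismatch means the banner was produced by something other than the package installed on the host you are logged in to, which is worth settling before acting on a version-based scanner finding.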