I use OVH to host a VPS in which my services run. I chose the latest Ubuntu 20.04 release for my VPS OS image, ran `apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && reboot` and then ran `nmap -sV --script vulners <IP>`, only to see this:

```
22/tcp    open  ssh      OpenSSH 8.3p1 Ubuntu 1ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| vulners: 
|   cpe:/a:openbsd:openssh:8.3p1: 
|       EDB-ID:21018    10.0    https://vulners.com/exploitdb/EDB-ID:21018  *EXPLOIT*
|       CVE-2001-0554   10.0    https://vulners.com/cve/CVE-2001-0554
|       CVE-2020-15778  6.8     https://vulners.com/cve/CVE-2020-15778
|       CVE-2021-28041  4.6     https://vulners.com/cve/CVE-2021-28041
|       MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/     4.3     https://vulners.com/metasploit/MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/      4.3     https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/*EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/      4.3     https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/*EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/      4.3     https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/*EXPLOIT*
|       MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/   4.3     https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/ *EXPLOIT*
|       CVE-2020-14145  4.3     https://vulners.com/cve/CVE-2020-14145
```

and so on... From here, I disabled u/p authentication and changed it to RSA authentication, which seems snakeoil to me because most of these exploits seem way beyond the method of authentication. Anyway, I then thought I could use ufw as a basic whitelist for IPv4/IPv6 connections via SSH, but this seems so overkill... I Googled if I could upgrade my SSH, but it seems it is built into the 20.04 image and the OS needs upgrading - but OVH does not offer this...

What is the correct way to secure from these underlying issues? Reinstalling the VPS with new OS images seems like a long "down-time" way of providing patches and security maintenance. Any advice on how I can secure this SSH issue?

My VPS can be located here: https://www.ovhcloud.com/en-gb/vps/

Jaquarh
  • Tried to have a look at the website, turns out they don't even support TLS 1.2. This makes me sceptical about their general attitude re: security. I would question if OVH is the right choice if you are security-conscious. – emk2203 May 23 '21 at 08:40
  • Apologies, the URL is https://www.ovh.co.uk/ not `.net` - I did not confirm the URL on posting this thread - I'll update the question to fix broken link @emk2203 – Jaquarh May 23 '21 at 08:42
  • Does this answer your question? [How can I tell if a CVE has been fixed in Ubuntu's repositories?](https://askubuntu.com/questions/563408/how-can-i-tell-if-a-cve-has-been-fixed-in-ubuntus-repositories) – muru May 23 '21 at 10:24
  • For several of these, it seems upstream OpenSSH has no intention of changing the behaviour, so it seems there is nothing to be done as they're not really "underlying issues" – muru May 23 '21 at 10:31
  • I'm not sure I follow, are you saying the `nmap` scan is showing incorrect details and that, for example, [this returned CVE](https://vulners.com/cve/CVE-2001-0554) is not affected by my version as the OpenBSD version is 2.4 and mine is 8.3? Thanks for the link @muru – Jaquarh May 23 '21 at 11:03
  • I think it's just spewing some CVE numbers based on the version string without actually verifying that they're a problem. – muru May 23 '21 at 12:48
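
The comments above point out that the `vulners` script lists entries by version string, so each one still has to be checked against the distribution's own CVE status. The following is an added example, not part of the original thread: it reduces the scan output to unique CVE IDs with a tracker link for each, assuming the `https://ubuntu.com/security/<CVE>` URL pattern and a release year supplied by the caller (2020 for OpenSSH 8.3).

```python
import re
from dataclasses import dataclass

# Subset of the scan output quoted in the question above.
SAMPLE = """\
22/tcp    open  ssh      OpenSSH 8.3p1 Ubuntu 1ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| vulners: 
|   cpe:/a:openbsd:openssh:8.3p1: 
|       EDB-ID:21018    10.0    https://vulners.com/exploitdb/EDB-ID:21018  *EXPLOIT*
|       CVE-2001-0554   10.0    https://vulners.com/cve/CVE-2001-0554
|       CVE-2020-15778  6.8     https://vulners.com/cve/CVE-2020-15778
|       CVE-2021-28041  4.6     https://vulners.com/cve/CVE-2021-28041
|       MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/   4.3     https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/ *EXPLOIT*
|       CVE-2020-14145  4.3     https://vulners.com/cve/CVE-2020-14145
"""

ROW = re.compile(r"^\|\s+(\S+)\s+(\d+\.\d+)\s+https://\S+")  # id, score, link
CVE = re.compile(r"CVE-(\d{4})-\d{4,}")

@dataclass
class Finding:
    cve: str
    score: float
    predates_release: bool  # triage hint only: CVE year < release year
    tracker_url: str        # assumed Ubuntu tracker URL pattern

def triage(nmap_text, release_year):
    """Collapse vulners rows to one Finding per CVE, highest score first."""
    best = {}
    for line in nmap_text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # banner, "vulners:" and cpe header lines
        ident, score = row.group(1), float(row.group(2))
        m = CVE.search(ident)  # also finds the CVE inside MSF:... names
        if not m:
            continue  # e.g. EDB-ID rows that carry no CVE id
        cve = m.group(0)
        if cve not in best or score > best[cve].score:
            best[cve] = Finding(cve, score, int(m.group(1)) < release_year,
                                "https://ubuntu.com/security/" + cve)
    return sorted(best.values(), key=lambda f: (-f.score, f.cve))

if __name__ == "__main__":
    for f in triage(SAMPLE, 2020):
        print(f.cve, f.score, "predates release" if f.predates_release else "", f.tracker_url)
```

A CVE flagged as predating the release is a likely CPE-matching artifact; the remaining ones are the short list to look up in the tracker for the installed package version.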