Hello, I recently ran a McAfee vulnerability scan of our VyOS router and it came back with several vulnerabilities regarding OpenSSH on our router. These vulnerabilities include:
‘OpenSSH Multiple Vulnerabilities’
‘OpenSSH 7.4 Not Installed Multiple Vulnerabilities’
I saw another post about upgrading OpenSSL and OpenSSH, but the guy who posted it said that the vulnerabilities on their system were a false positive, so no one ever explained how to do the upgrade. My questions are: is this something to be concerned about, or is it like the LTS Ubuntu releases in that OpenSSH is actually being upgraded in the background without my knowledge? Furthermore, if this is an issue, how do I upgrade OpenSSH on our router?
When I run df -h it tells me ‘df: cannot read table of mounted file systems’. I went ahead and tried expanding the router’s EBS volume in AWS, but two things happened:
First, the resolv.conf was suddenly blank.
Second, when I then tried to extend the file system using ‘sudo resize2fs /dev/xvda1’, it told me ‘The filesystem is already 1048320 blocks long. Nothing to do!’
Resolved this issue by creating a new EC2 Linux instance, attaching the VyOS volume to it, and then extending the filesystem there. I’m a newbie here though, do I need to close this out?
Well, don’t close it yet actually. The system image is upgraded, but I still have the original problem. The version of OpenSSH did not upgrade with the system.