JohannaLeon
Contributor
Contributor

Confirmation version OpenSSH and How can I upgrade if is the case

Jump to solution

Hello Everyone,

I have ESXi 6.7 P03 build number 16713306. I would like to know the confirmation from someone about how can I get the OpenSSH version running on it. I did SSH to my server. Then I typed this command vi /etc/ssh/sshd_config. The comment says OpenSSH 7.8. Please see the image below. If it is correct. So, how can I upgrade OpenSSH to version 7.9. I found the documentation where it says: "CVE-2018-20685: VMware included a fix in the OpenSSH version 7.9 included in ESXi 6.7 Update 2 and later. This issue is fixed in the evaluated patch release". My client used a program to scan the whole system, part of it shows this is a vulnerability that I have to fix by upgrading it. The system suggests upgrading to version 7.6. However, I don't understand why still show me is a vulnerability if is a higher version that they suggested. I think, that I have to upgrade the OpenSSH to 7.9.

I appreciated your time to respond to me.

pastedImage_2.png

0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal
0 Kudos
5 Replies
daphnissov
Immortal
Immortal

You cannot upgrade certain packages of ESXi without upgrading/patching all of it. It's an all-or-none proposition here. So to get any patches that mitigate vulnerabilities, you will need to patch all of ESXi.

0 Kudos
JohannaLeon
Contributor
Contributor

Hello,

Thank you for your response.

I already installed the whole package, 3 weeks ago with ESXi 6.7 P03. This is the last version according to the "Build numbers and versions of VMware ESXi/ESX (2143832)"

pastedImage_3.png

0 Kudos
daphnissov
Immortal
Immortal

Check the version again:  ssh -V

0 Kudos
JohannaLeon
Contributor
Contributor

Thank you! Smiley Happy

Now, I can show this version is higher.

0 Kudos
scott28tt
VMware Employee
VMware Employee

Moderator: Please consider cropping images before adding them directly into a post to reduce the white space.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMTN voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos