Certainly Brujo.
In sshd_config, I removed the line: Subsystem sftp /usr/libexec/openssh/sftp-server
and replaced it with: Subsystem sftp internal-sftp
Then I added the following rules to sshd_config, one for each user:
Match User username
ChrootDirectory /var/www/vhosts...
Why on earth would I ever want to implement port knocking simply to pass a PCI test designed for my protection when all I have to do is implement a security update which is unavailable to Plesk because the maintainers only support an outdated library?
I might add that the failure is not a result of penetration testing. The failure is generated by a simple check of the OpenSSH version number. Otherwise, the server passes all other PCI checks.
Thanks, but no, that does not apply. My issue is described in CVE-2017-15906. IP blocking will not work for me because we have drivers on the road accessing over public networks.