Apparently I installed that thing in 2006 and I last updated it in 2016, then I quit updating it for some reason that I totally forgot. Probably laziness…
It’s been running for quite some time and we kind of forgot about it in the closet, until the SSH tunnel we use to get our mail outside our home stopped working because modern openssh clients refuse to use the antiquated key cipher I setup client machines with way back when any longer.
I just generated new keys with a more modern cipher that it understands (ecdsa-sha2-nistp256) and left it running. Because why not 🙂
It’s behind a firewall. The only thing exposed to the outside is port 22 - and only pubkey login too.
And gee dude… It’s been running for 18 years without being pwned 🙂
It hasnt been pwned so far
For that matter, it hasn’t been ransomwared. There are so many ways to hide a compromise.
How do you know?
There’s a file called /pwnedornot and it contains “no, you’re safe bro”
And it’s not like it contains any sensitive information. I’m sure all your emails are just friendly correspondence with your pen pal.
I’d still maybe build a modern OpenSSH package.
There’s been an awful lot of RCEs in the past two decades and uh, if that’s rawdogging the internet, I’m honestly shocked you haven’t been hit with any by now.
How do you know? Do you constantly monitor running processes, performance and network connections?
sorry, but what kind of email server listens only on SSH?
How do you know? OpenSSH is pretty good but it isn’t impenetrable. Especially for almost 10 years.