I have been working on an online store for a while. Part of what I am tasked with is keeping the cart Payment Card Industry (PCI) complaint.
I'm more of a programmer so my sys admin skills are not as developed as i would like.
We hired a company who scans our server and reports back to us.
Here is one of about 10 questions I have.
They report :
We were able to determine which versions of the SSH protocol the remote SSH daemon supports.
This gives potential attackers additional information about the system they are attacking.
AND
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
I ran nmap and the SSH port does not show. I've looked in the sshd_config and find nothing that would alert me to how I can turn off reporting it's config or it's existence.
Any help much appreciated!
------------------------
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)