I have been working on an online store for a while. Part of what I am tasked
with is keeping the cart Payment Card Industry (PCI) complaint.
I'm more of a programmer so my sys admin skills are not as developed as i would
like.
We hired a company who scans our server and reports back to us.
Here is one of about 10 questions I have.
They report :
We were able to determine which versions of the SSH protocol the remote SSH
daemon supports.
This gives potential attackers additional information about the system they are
attacking.
AND
It is possible to obtain information about the remote SSH server by sending an
empty authentication request.
I ran nmap and the SSH port does not show. I've looked in the sshd_config and
find nothing that would alert me to how I can turn off reporting it's config or
it's existence.
Any help much appreciated!
------------------------
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
