Apparently I installed that thing in 2006 and I last updated it in 2016, then I quit updating it for some reason that I totally forgot. Probably laziness…

It’s been running for quite some time and we kind of forgot about it in the closet, until the SSH tunnel we use to get our mail outside our home stopped working because modern openssh clients refuse to use the antiquated key cipher I setup client machines with way back when any longer.

I just generated new keys with a more modern cipher that it understands (ecdsa-sha2-nistp256) and left it running. Because why not 🙂

  • Nibodhika@lemmy.world
    link
    fedilink
    arrow-up
    45
    arrow-down
    1
    ·
    1 month ago

    I’m fairly certain that SSH and whatever else you’re exposing has had vulnerabilities fixed since then, especially if modern distros refuse to use the ssh key you were using, this screams of “we found something so critical here we don’t want to touch it”. If your server exposes anything in a standard port, e.g. SSH on 22, you probably should do a fresh install (although I would definitely not know how to rebuild a system I built almost 20 years ago).

    That being said, it’s amazing that an almost 20 year old system can work for almost 10 years without touching anything.

    • Sbauer@lemmy.world
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      1 month ago

      The amount of dos systems I have seen powering critical infrastructure in banks and hospitals is quite frankly nightmare fuel.