I use OVH to host a VPS on which my services run. I chose the latest Ubuntu 20.04 release for my VPS OS image, ran apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && reboot, and then ran nmap -sV --script vulners <IP>, only to see this:

22/tcp    open  ssh      OpenSSH 8.3p1 Ubuntu 1ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| vulners: 
|   cpe:/a:openbsd:openssh:8.3p1: 
|       EDB-ID:21018    10.0    https://vulners.com/exploitdb/EDB-ID:21018  *EXPLOIT*
|       CVE-2001-0554   10.0    https://vulners.com/cve/CVE-2001-0554
|       CVE-2020-15778  6.8     https://vulners.com/cve/CVE-2020-15778
|       CVE-2021-28041  4.6     https://vulners.com/cve/CVE-2021-28041
|       MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/     4.3     https://vulners.com/metasploit/MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/      4.3     https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/*EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/      4.3     https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/*EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/      4.3     https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/*EXPLOIT*
|       MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/   4.3     https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/ *EXPLOIT*
|       CVE-2020-14145  4.3     https://vulners.com/cve/CVE-2020-14145

And so on... From here, I disabled u/p authentication and changed it to RSA authentication, which seems like snake oil to me because most of these exploits seem way beyond the method of authentication. Anyway, I then thought I could use ufw as a basic whitelist for IPv4/IPv6 connections via SSH, but this seems so overkill... I Googled whether I could upgrade my SSH, but it seems it is built into the 20.04 image and the OS needs upgrading - but OVH does not offer this...

What is the correct way to secure against these underlying issues? Reinstalling the VPS with new OS images seems like a long "downtime" way of providing patches and security maintenance. Any advice on how I can secure this SSH issue?

My VPS can be located here: https://www.ovhcloud.com/en-gb/vps/

Jaquarh