Apparently I installed that thing in 2006 and I last updated it in 2016, then I quit updating it for some reason that I totally forgot. Probably laziness…
It’s been running for quite some time and we kind of forgot about it in the closet, until the SSH tunnel we use to get our mail outside our home stopped working because modern openssh clients refuse to use the antiquated key cipher I setup client machines with way back when any longer.
I just generated new keys with a more modern cipher that it understands (ecdsa-sha2-nistp256) and left it running. Because why not 🙂
I’m fairly certain that SSH and whatever else you’re exposing has had vulnerabilities fixed since then, especially if modern distros refuse to use the ssh key you were using, this screams of “we found something so critical here we don’t want to touch it”. If your server exposes anything in a standard port, e.g. SSH on 22, you probably should do a fresh install (although I would definitely not know how to rebuild a system I built almost 20 years ago).
That being said, it’s amazing that an almost 20 year old system can work for almost 10 years without touching anything.
The amount of dos systems I have seen powering critical infrastructure in banks and hospitals is quite frankly nightmare fuel.
A basic DOS system has zero networking or open ports
They normally are isolated systems with controlled access. Same with shipping and any other critical industry.
Not to say that there aren’t exceptions but these days there is a required level of compliance
Remember its what the market determined is the best course of action.