KYND will flag a "Developer Access" instance as a risk when a known vulnerability exists in the version being used, or if the instance is visible externally when it shouldn't be. For these risks, the advice is to take the following two mitigating steps:
- Make sure the service is updated to the latest stable version (for OpenSSH the latest version can always be found here: https://www.openssh.com/releasenotes.html)
- Use firewalls and place the port (or the whole host) behind a VPN configured to allow only authorised users to access it, and use an allow list/firewall rules to limit connectivity.
These actions will also prevent the open port from being flagged in a KYND scan.
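
A local self-check covering both steps, as an added example (not KYND's code, and not a description of how KYND scans): it parses the OpenSSH banner and `ss -ltn` output from your own host. The banner, listener lines and baseline version below are constructed sample values; take the real baseline from the release notes page linked above.

```python
import ipaddress
import re

# SSH identification string (RFC 4253, section 4.2): SSH-protoversion-softwareversion
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def openssh_version(banner):
    """Return (major, minor, portable_patch) from a banner, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def wildcard_listeners(ss_output, port=22):
    """Return `ss -ltn` local addresses that listen on `port` on every interface."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
            hits.append(fields[3])
    return hits

def audit(banner, ss_output, baseline):
    """Return findings for an outdated version and for all-interface listeners."""
    findings = []
    version = openssh_version(banner)
    if version is None:
        findings.append("banner is not OpenSSH; check the version manually")
    elif version < baseline:
        findings.append("OpenSSH %d.%dp%d is older than baseline %d.%dp%d"
                        % (version + baseline))
    for addr in wildcard_listeners(ss_output):
        findings.append(f"sshd listens on {addr}; bind to the VPN address or firewall it")
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "SSH-2.0-OpenSSH_8.2p1"
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      128         10.8.0.1:22        0.0.0.0:*"""
BASELINE = (9, 0, 1)  # placeholder; set this from the OpenSSH release notes

if __name__ == "__main__":
    for finding in audit(SAMPLE_BANNER, SAMPLE_SS, BASELINE):
        print(finding)
```

A wildcard listener is only a local indicator: whether the port is reachable from outside still depends on the firewall and VPN rules in front of the host.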