OpenSSH - Pretty Old Version?

How-to
1

Hey!

So… Rockstor comes with OpenSSH version: 6.6.1p1 right now. This is pretty old, and as I understand it… doesn’t come with some of the newer and more secure functionality of the later OpenSSH versions.

1). Is this something that could be a security issue?
2). Is there a way we can upgrade to a newer version? I’d like to use some of the new key exchange stuff/cipher.
3). If there is a reason why it’s OK to have 6.6.1p1, can you explain why/how it’s safe?

I’m new to this and just want to understand.

2

@rocksthor Hello again.
Rockstor is based on CentOS 7.3 (after all updates are applied) and so this question is probably better located in a CentOS forum.

As long as you follow CentOS 7.3 relevant instruction for this it shouldn’t be a problem; although you may have to watch what edits Rockstor may make to the configuration file.

Hope that helps.

3

note: the links have a space after ‘http://’, because new users (me) can’t post links :disappointed:.

@rocksthor You are pasting only part of the openssh package version in CentOS! The real version is:

[root@~]# yum list openssh
openssh.x86_64                                      6.6.1p1-33.el7_3

Of course openssh is maintained and backported by RHEL and CentOS, its last update was on January the 18th: https:// lists.centos.org/pipermail/centos-announce/2017-January/022230.html.

There are newer versions of openssh available, since the most recent version is 7.4: https:// www.openssh.com/txt/release-7.4. But to replace it in CentOS is a bad idea in most cases, you probably should stick with the default OS package.

If you really want to upgrade you could search for compatible Fedora packages, for example: https:// bodhi.fedoraproject.org/updates/FEDORA-2017-4767e2991d might be compatible (some more info: https:// bugzilla.redhat.com/show_bug.cgi?id=1406204).

But then again: this is not recommended and in most cases not needed.

Hope this gives you some more insight ;-).

1 Like