On 5/25/21 7:31 AM, Kaushal Shriyan wrote:
On Tue, May 25, 2021 at 5:41 PM Jonathan Billings billings@negate.org wrote:
On Tue, May 25, 2021 at 03:29:51PM +0530, Kaushal Shriyan wrote:
I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release 7.9.2009 (Core). Is there a plan to introduce OpenSSH 8.6/8.6p1 version on CentOS Linux release 7.9.2009?
#cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
#rpm -qa | grep -i ssh
openssh-clients-7.4p1-21.el7.x86_64
libssh2-1.8.0-4.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
#
Please guide. Thanks in advance.
More Info:- https://www.openssh.com/releasenotes.html
It's unlikely. RHEL7/CentOS7 is in maintenance support mode, so no new major feature changes are expected. Only major security/bug fixes are expected to be introduced.
See this chart for more details: https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle
The version in CentOS 7 isn't simply the version from OpenSSH; many features and security fixes have been backported in the past, so if there's something in particular you are looking for, please mention it.
Thanks Jonathan for the reply. I have configured the below SSH configuration as part of hardening to address vulnerabilities.
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
Is there a way to validate if the above Key exchange, Cipher and MAC algorithms address the vulnerabilities? Please guide. Thanks in advance.
Red Hat uses the Backporting method to address security issues in RHEL .. and we inherit that method in CentOS:
https://access.redhat.com/security/updates/backporting
If you are looking for a specific vulnerability .. look here:
https://access.redhat.com/security/security-updates/#/
Look up the CVE .. you can find if the issue is relevant, what version fixes the issue, etc.
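
One way to confirm that the KexAlgorithms, Ciphers and MACs lists posted above are what sshd actually runs with is to diff them against the output of `sshd -T`, which prints the effective configuration. This is an added example, not part of the original thread; the function name `audit_sshd_algos` and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Intended lists are the ones posted in the thread above.
WANT_KEX='curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256'
WANT_CIPHERS='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
WANT_MACS='hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'

# audit_sshd_algos (hypothetical helper name): reads `sshd -T` output on stdin.
# Prints EXTRA for an algorithm that is enabled but not intended, MISSING for
# one that is intended but not enabled, ABSENT for a keyword not in the input.
# Returns 0 when all three lists match the intended ones, 1 otherwise.
audit_sshd_algos() {
    awk -v kex="$WANT_KEX" -v ciphers="$WANT_CIPHERS" -v macs="$WANT_MACS" '
    BEGIN { want["kexalgorithms"] = kex; want["ciphers"] = ciphers; want["macs"] = macs }
    {
        key = tolower($1)
        if (!(key in want)) next
        seen[key] = 1
        split("", have); split("", wanted)      # clear the per-keyword sets
        n = split($2, a, ","); for (i = 1; i <= n; i++) have[a[i]] = 1
        m = split(want[key], b, ","); for (i = 1; i <= m; i++) wanted[b[i]] = 1
        for (i = 1; i <= n; i++) if (!(a[i] in wanted)) { print "EXTRA", key, a[i]; bad = 1 }
        for (i = 1; i <= m; i++) if (!(b[i] in have)) { print "MISSING", key, b[i]; bad = 1 }
    }
    END {
        for (k in want) if (!(k in seen)) { print "ABSENT", k; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample of `sshd -T` output: one legacy key exchange is still
# enabled and one intended MAC is not in effect.
SAMPLE="port 22
kexalgorithms $WANT_KEX,diffie-hellman-group14-sha1
ciphers $WANT_CIPHERS
macs hmac-sha2-256-etm@openssh.com"

# On a real host (as root): sshd -T | audit_sshd_algos
printf '%s\n' "$SAMPLE" | audit_sshd_algos || echo "effective lists differ from the intended ones"
```

The check shows only which algorithms are in effect after sshd has been restarted with the new settings. Whether a given CVE is fixed in the installed package is still answered by the Red Hat CVE lookup mentioned in the reply above.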