On Tue, May 25, 2021 at 5:41 PM Jonathan Billings <billings at negate.org> wrote: > On Tue, May 25, 2021 at 03:29:51PM +0530, Kaushal Shriyan wrote: > > I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release > > 7.9.2009 (Core). Is there a plan to introduce OpenSSH 8.6/8.6p1 version > > on CentOS Linux release 7.9.2009? > > > > #cat /etc/redhat-release > > CentOS Linux release 7.9.2009 (Core) > > #rpm -qa | grep -i ssh > > openssh-clients-7.4p1-21.el7.x86_64 > > libssh2-1.8.0-4.el7.x86_64 > > openssh-7.4p1-21.el7.x86_64 > > openssh-server-7.4p1-21.el7.x86_64 > > # > > > > Please guide. Thanks in advance. > > > > More Info:- https://www.openssh.com/releasenotes.html > > It's unlikely. RHEL7/CentOS7 is in maintenance support mode, so no > new major feature changes are expected. Only major security/bug fixes > are expected to be introduced. > > See this chart for more details: > https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle > > The version in CentOS 7 isn't simply the version from OpenSSH, many > features and securify fixes have been backported in the past, so if > there's something in particular you are looking for, please mention > it. > > Thanks Jonathan for the reply. I have configured the below SSH configuration as part of hardening to address vulnerabilities. KexAlgorithms curve25519-sha256,curve25519-sha256 at libssh.org > ,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256 > Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com, > aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr > MACs hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com Is there a way to validate if the above Key exchange, Cipher and MAC algorithms address the vulnerabilities? Please guide. Thanks in advance. Best Regards,