On 5/25/21 7:31 AM, Kaushal Shriyan wrote:
> On Tue, May 25, 2021 at 5:41 PM Jonathan Billings <billings at negate.org>
> wrote:
>
>> On Tue, May 25, 2021 at 03:29:51PM +0530, Kaushal Shriyan wrote:
>>> I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release
>>> 7.9.2009 (Core). Is there a plan to introduce OpenSSH 8.6/8.6p1 version
>>> on CentOS Linux release 7.9.2009?
>>>
>>> #cat /etc/redhat-release
>>> CentOS Linux release 7.9.2009 (Core)
>>> #rpm -qa | grep -i ssh
>>> openssh-clients-7.4p1-21.el7.x86_64
>>> libssh2-1.8.0-4.el7.x86_64
>>> openssh-7.4p1-21.el7.x86_64
>>> openssh-server-7.4p1-21.el7.x86_64
>>> #
>>>
>>> Please guide. Thanks in advance.
>>>
>>> More Info:- https://www.openssh.com/releasenotes.html
>>
>> It's unlikely. RHEL7/CentOS7 is in maintenance support mode, so no
>> new major feature changes are expected. Only major security/bug fixes
>> are expected to be introduced.
>>
>> See this chart for more details:
>> https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle
>>
>> The version in CentOS 7 isn't simply the version from OpenSSH, many
>> features and security fixes have been backported in the past, so if
>> there's something in particular you are looking for, please mention
>> it.
>>
> Thanks Jonathan for the reply. I have configured the below SSH
> configuration as part of hardening to address vulnerabilities.
>
> KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
> Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
>
> Is there a way to validate if the above Key exchange, Cipher and MAC
> algorithms address the vulnerabilities? Please guide. Thanks in advance.

Red Hat uses the Backporting method to address security issues in RHEL ..
and we inherit that method in CentOS:

https://access.redhat.com/security/updates/backporting

If you are looking for a specific vulnerability .. look here:

https://access.redhat.com/security/security-updates/#/

Look up the CVE .. you can find if the issue is relevant, what version
fixes the issue, etc.
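
Added example, not part of the original thread: a shell check that compares the effective algorithms reported by `sshd -T` with the KexAlgorithms, Ciphers and MACs lists quoted above, which confirms the settings are in effect (it does not tell you whether a CVE is fixed in the installed package). The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Allow-lists copied from the hardening configuration quoted in the thread.
ALLOWED_KEX='curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256'
ALLOWED_CIPHERS='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
ALLOWED_MACS='hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'

# Constructed sample of `sshd -T` output in which the Ciphers line did not
# take effect; it is not taken from a real host.
SAMPLE_SSHD_T='port 22
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc,3des-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'

# unexpected_algos KEYWORD ALLOWED_CSV  (hypothetical helper)
# Reads `sshd -T` output on stdin and prints, one per line, every algorithm
# in effect for KEYWORD that is not in ALLOWED_CSV. A dump with no line for
# KEYWORD is reported too, so truncated input cannot pass silently.
unexpected_algos() {
    awk -v key="$1" -v allowed="$2" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        tolower($1) == key {
            seen = 1
            m = split($2, eff, ",")
            for (i = 1; i <= m; i++) if (!(eff[i] in ok)) print eff[i]
        }
        END { if (!seen) print "(no " key " line in dump)" }'
}

# audit_sshd  (hypothetical helper)
# Reads `sshd -T` output on stdin, prints findings, and returns 0 only when
# all three settings stay within the allow-lists.
audit_sshd() {
    dump=$(cat)
    rc=0
    for pair in "kexalgorithms:$ALLOWED_KEX" "ciphers:$ALLOWED_CIPHERS" "macs:$ALLOWED_MACS"; do
        key=${pair%%:*}
        allowed=${pair#*:}
        extra=$(printf '%s\n' "$dump" | unexpected_algos "$key" "$allowed")
        if [ -n "$extra" ]; then
            printf '%s: not in allow-list: %s\n' "$key" "$(printf '%s' "$extra" | tr '\n' ' ')"
            rc=1
        fi
    done
    return "$rc"
}

# On a real host, as root: sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd || echo 'sample dump deviates from the hardening list'
```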