[CentOS] OpenSSH 8.6/8.6p1 on CentOS Linux release 7.9.2009 (Core)

Tue May 25 12:31:40 UTC 2021
Kaushal Shriyan <kaushalshriyan at gmail.com>

On Tue, May 25, 2021 at 5:41 PM Jonathan Billings <billings at negate.org>
wrote:

> On Tue, May 25, 2021 at 03:29:51PM +0530, Kaushal Shriyan wrote:
> > I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release
> > 7.9.2009 (Core). Is there a plan to introduce OpenSSH 8.6/8.6p1 version
> > on CentOS Linux release 7.9.2009?
> >
> > #cat /etc/redhat-release
> > CentOS Linux release 7.9.2009 (Core)
> > #rpm -qa | grep -i ssh
> > openssh-clients-7.4p1-21.el7.x86_64
> > libssh2-1.8.0-4.el7.x86_64
> > openssh-7.4p1-21.el7.x86_64
> > openssh-server-7.4p1-21.el7.x86_64
> > #
> >
> > Please guide. Thanks in advance.
> >
> > More Info:- https://www.openssh.com/releasenotes.html
>
> It's unlikely.  RHEL7/CentOS7 is in maintenance support mode, so no
> new major feature changes are expected.  Only major security/bug fixes
> are expected to be introduced.
>
> See this chart for more details:
> https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle
>
> The version in CentOS 7 isn't simply the version from OpenSSH, many
> features and security fixes have been backported in the past, so if
> there's something in particular you are looking for, please mention
> it.
>
>
Thanks Jonathan for the reply. I have configured the below SSH
configuration as part of hardening to address vulnerabilities.

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com


Is there a way to validate if the above Key exchange, Cipher and MAC
algorithms address the vulnerabilities? Please guide. Thanks in advance.

Best Regards,
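
One way to check what the daemon will actually offer, as an added example that is not part of the original thread: the function below reads the effective configuration in the format `sshd -T` prints and lists every key exchange, cipher or MAC that matches a deny pattern. The function names, the deny patterns (an assumed policy, not an official list) and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd algorithm lists against a deny policy.
# Real use (as root):  sshd -T | weak_sshd_algos
# Input format is that of `sshd -T`: lowercase keyword, space, comma-separated list.

# is_weak KEYWORD ALGORITHM -> exit status 0 if the algorithm matches the
# assumed deny policy (SHA-1 key exchange, CBC/RC4/3DES ciphers, MD5/SHA-1/64-bit MACs).
is_weak() {
    case "$1:$2" in
        kexalgorithms:*sha1*) return 0 ;;
        ciphers:*-cbc*|ciphers:arcfour*|ciphers:3des*) return 0 ;;
        macs:*md5*|macs:*sha1*|macs:umac-64*) return 0 ;;
    esac
    return 1
}

# Reads configuration lines on stdin, prints "keyword:algorithm" for each hit.
weak_sshd_algos() {
    while read -r key value; do
        case "$key" in
            kexalgorithms|ciphers|macs) ;;
            *) continue ;;              # ignore every other sshd keyword
        esac
        for algo in $(printf '%s' "$value" | tr ',' ' '); do
            if is_weak "$key" "$algo"; then
                printf '%s:%s\n' "$key" "$algo"
            fi
        done
    done
    return 0
}

# Constructed sample 1: the three settings from the message above.
HARDENED_SAMPLE='kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'

# Constructed sample 2: a configuration that still offers legacy algorithms.
WEAK_SAMPLE='port 22
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
ciphers aes256-ctr,aes128-cbc
macs hmac-sha1,hmac-sha2-256-etm@openssh.com'

echo "hardened sample hits:"
printf '%s\n' "$HARDENED_SAMPLE" | weak_sshd_algos
echo "weak sample hits:"
printf '%s\n' "$WEAK_SAMPLE" | weak_sshd_algos
```

Because `sshd -T` prints the configuration after defaults and the config file are merged, an empty result means no denied algorithm is offered under this policy.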