OpenSSH - how are you going to upgrade?
Written by Michael Felt   
OpenSSH was updated last month to version 6.8p1. To see the improvements, check out the OpenSSH-6.8 release notes.
And if you think "I want that", you can get a new version via AIXTOOLS.

You have a choice!

Or you can go a step further and follow OpenBSD's mission to eliminate risks bolted onto OpenSSL.

LibreSSL-2.1.6 is the latest release, and for your testing I have a second version of OpenSSH that has been linked with LibreSSL. In the past I called it LibreSSH but now I have changed the package name to aixtools.libressl.openssh.
Pay attention
In the release notes for OpenSSH-6.7 you should see that the default ciphers have changed. For most setups this should not matter. But if you have an old SSH client (like I did), you may get a message like "Algorithm negotiation failed". If so, start your client in debug mode to see what your client is missing.

debug: Remote version: SSH-2.0-OpenSSH_6.8
debug: OpenSSH: Major: 6 Minor: 8 Revision: 0
debug: Ssh2Transport: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport: Algorithm negotiation failed for c_to_s_cipher: client list: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour vs. server list : aes128-ctr,aes192-ctr,aes256-ctr,[...]
debug: Ssh2Transport: Algorithm negotiation failed for s_to_c_cipher: client list: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour vs. server list : aes128-ctr,aes192-ctr,aes256-ctr,[...]
debug: Ssh2Transport: lang s to c: `', lang c to s: `'
debug: Ssh2Transport: Couldn't agree on kex or hostkey alg. (chosen_kex = NULL,chosen_host_key = ssh-dss)
debug: Ssh2Common: DISCONNECT received: Algorithm negotiation failed.
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
debug: Ssh2Common: Destroying SshCommon object.
debug: SshConnection: Destroying SshConn object.


If the client list and server list do not match (they share no common algorithm), you will get an authentication failed message.

To assist you with this possibility, the install of aixtools.openbsd.openssh will add these lines to the file /var/openssh/etc/sshd_config if openssh.base.server is already installed:

ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
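Added example (not from the original article or from AIXTOOLS): it parses the "Algorithm negotiation failed" debug line shown above, applies the SSH selection rule from RFC 4253 section 7.1, and compares the outcome before and after the ciphers line quoted on this page. It assumes that in OpenSSH 6.8 a Ciphers line sets the whole server list rather than extending the defaults; the function names are hypothetical.

```python
import re

# Line format copied from the debug output above; the tail of the server list
# was lost on the page, so only its surviving entries are used.
SAMPLE_LOG = (
    "debug: Ssh2Transport: Algorithm negotiation failed for c_to_s_cipher: "
    "client list: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,"
    "blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour "
    "vs. server list : aes128-ctr,aes192-ctr,aes256-ctr"
)
# The ciphers line the package install adds to sshd_config (from the page).
PAGE_CIPHERS_LINE = "ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour"

FAILED = re.compile(r"Algorithm negotiation failed for (\w+): "
                    r"client list: (\S+) vs\. server list : (\S+)")

def split_list(names):
    """Split a comma-separated SSH name-list, ignoring empty entries."""
    return [n for n in names.split(",") if n]

def parse_failure(line):
    """Return (slot, client_list, server_list), or None for other lines."""
    m = FAILED.search(line)
    return (m[1], split_list(m[2]), split_list(m[3])) if m else None

def negotiate(client, server):
    """RFC 4253 section 7.1: first client entry also on the server list wins."""
    offered = set(server)
    return next((name for name in client if name in offered), None)

def ciphers_from_config(line):
    """Extract the list from one sshd_config Ciphers line (keyword is case-insensitive)."""
    keyword, value = line.split(None, 1)
    if keyword.lower() != "ciphers":
        raise ValueError("not a Ciphers line")
    return split_list(value.strip())

def report(log_line=SAMPLE_LOG, config_line=PAGE_CIPHERS_LINE):
    slot, client, server = parse_failure(log_line)
    new_server = ciphers_from_config(config_line)
    return {
        "slot": slot,
        "before": negotiate(client, server),     # None: nothing in common
        "after": negotiate(client, new_server),  # what the old client now gets
        # Assumption: the Ciphers line replaces the list, so these are dropped.
        "dropped": [c for c in server if c not in new_server],
    }

if __name__ == "__main__":
    print(report())
```

The "dropped" entry is the thing to check after the install: under the stated assumption the server no longer offers the CTR ciphers, so a client that only supports those would fail negotiation in the same way.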
 