On Tue, May 25, 2021 at 5:41 PM Jonathan Billings <billings@xxxxxxxxxx>
wrote:
> On Tue, May 25, 2021 at 03:29:51PM +0530, Kaushal Shriyan wrote:
> > I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release
> > 7.9.2009 (Core). Is there a plan to introduce OpenSSH 8.6/8.6p1 version
> > on CentOS Linux release 7.9.2009?
> >
> > #cat /etc/redhat-release
> > CentOS Linux release 7.9.2009 (Core)
> > #rpm -qa | grep -i ssh
> > openssh-clients-7.4p1-21.el7.x86_64
> > libssh2-1.8.0-4.el7.x86_64
> > openssh-7.4p1-21.el7.x86_64
> > openssh-server-7.4p1-21.el7.x86_64
> > #
> >
> > Please guide. Thanks in advance.
> >
> > More Info:- https://www.openssh.com/releasenotes.html
>
> It's unlikely. RHEL7/CentOS7 is in maintenance support mode, so no
> new major feature changes are expected. Only major security/bug fixes
> are expected to be introduced.
>
> See this chart for more details:
> https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle
>
> The version in CentOS 7 isn't simply the version from OpenSSH, many
> features and securify fixes have been backported in the past, so if
> there's something in particular you are looking for, please mention
> it.
>
>
Thanks Jonathan for the reply. I have configured the below SSH
configuration as part of hardening to address vulnerabilities.
KexAlgorithms curve25519-sha256,curve25519-sha256@xxxxxxxxxx
> ,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
> Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,
> aes128-gcm@xxxxxxxxxxx,aes256-ctr,aes192-ctr,aes128-ctr
> MACs hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx
Is there a way to validate if the above Key exchange, Cipher and MAC
algorithms address the vulnerabilities? Please guide. Thanks in advance.
Best Regards,
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
