upgrading to a newer openssh version in centos6

A 5 star hangout for overworked and underpaid system admins.
sezero
Posts: 3
Joined: 2022/10/20 12:00:34

upgrading to a newer openssh version in centos6

Post by sezero » 2022/10/20 12:35:45

I can no longer ssh to sourceforge from a centos6 host: fails with
"Unable to negotiate a key exchange method" error. sf.net advised
me to upgrade to openssh 5.7 or later (centos6 has 5.3.)

Upon browsing https://archives.fedoraproject.org/pub/archive/, and
also https://src.fedoraproject.org/rpms/openssh, the closest srpm I
can see is:
https://archives.fedoraproject.org/pub/ ... 16.src.rpm

Can anyone please tell me whether there are any details / pitfalls
that I should be watchful for while upgrading?

Thanks in advance.

P.S.: Yes, I know that CentOS 6 has been EOL since the end of 2020.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: upgrading to a newer openssh version in centos6

Post by TrevorH » 2022/10/20 13:22:35

What that's telling you is that it's about time you got off CentOS 6. It's been dead for 2 years now and there are already root exploits available to break into it. Put your effort into getting off it, not into bodging it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

sezero
Posts: 3
Joined: 2022/10/20 12:00:34

Re: upgrading to a newer openssh version in centos6

Post by sezero » 2022/10/20 13:33:30

Not what I asked. (Thanks anyway though, I guess..)

sezero
Posts: 3
Joined: 2022/10/20 12:00:34

Re: upgrading to a newer openssh version in centos6

Post by sezero » 2023/09/22 15:29:47

FYI: I actually managed to make things work without installing a new openssh
(rhel6 openssh-5.3 is heavily patched to include ecdh, etc).
The only thing I had to do was create a ~/.ssh/config and put the following
line in there:

KexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

The first three are the ones negotiated by sf and are actually available but
just not default. So, it just works.
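
Added example, not part of sezero's post or of OpenSSH: a Python sketch that replays the RFC 4253 key-exchange selection to show why the posted line negotiates where the shorter list did not, flags the SHA-1 entries the line still offers, and renders a Host-scoped variant. The server offer, the assumed old default list, the helper names and the host name are assumptions made for the illustration.

```python
import re

# Client list exactly as given in the post above.
POSTED = ("KexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,"
          "ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,"
          "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,"
          "diffie-hellman-group1-sha1")
# Assumption: the four non-ECDH entries are what the stock client offered.
OLD_DEFAULT = "KexAlgorithms " + ",".join(POSTED.split(",")[3:])
# Constructed server offer: the post only says the three ECDH methods are the
# ones the server negotiates; the real list may be longer.
SERVER_OFFER = ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"]


def parse_kex_line(line):
    """Accept both 'KexAlgorithms a,b' and 'KexAlgorithms=a,b' forms."""
    m = re.match(r"\s*kexalgorithms(?:\s*=\s*|\s+)(\S+)\s*$", line, re.I)
    if not m:
        raise ValueError("not a KexAlgorithms line: %r" % line)
    return [a for a in m.group(1).split(",") if a]


def negotiate(client, server):
    """RFC 4253 sec. 7.1: first client algorithm the server also lists."""
    # The RFC's extra host-key compatibility conditions are ignored here.
    return next((a for a in client if a in server), None)


def legacy_entries(algos):
    """Entries in the list whose hash is SHA-1."""
    return [a for a in algos if a.endswith("-sha1")]


def host_scoped(host, algos):
    """Render the list inside a Host block so it applies to one server only."""
    return "Host %s\n    KexAlgorithms %s\n" % (host, ",".join(algos))


if __name__ == "__main__":
    new = parse_kex_line(POSTED)
    print("old default ->", negotiate(parse_kex_line(OLD_DEFAULT), SERVER_OFFER))
    print("posted list ->", negotiate(new, SERVER_OFFER))
    print("legacy entries still offered:", legacy_entries(new))
    # "legacy-host.example" is a placeholder, not a name from the thread.
    print(host_scoped("legacy-host.example", new[:3]))
```

Because the first common entry in the client's order wins, the ECDH methods at the front of the posted line are what get selected; the trailing SHA-1 methods stay on offer to every host unless the line is placed under a Host block.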

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: upgrading to a newer openssh version in centos6

Post by TrevorH » 2023/09/22 16:38:10

Doesn't change the fact that CentOS 6 has been EOL for nearly 3 years (Nov 2020) and there have been numerous high severity security vulnerabilities discovered since then and none of them are fixed in CentOS 6. You really need to get off it ASAP.
