Packages|Tools|aixtools.openbsd.openssh.8.0.0.1601.I
Report Issues (via Forums) and/or TWEET:@aixtools

MD5 Checksum

As of 2005, OpenSSH was the single most popular SSH implementation, coming by default in a large number of operating systems. OSSH meanwhile has become obsolete. OpenSSH continues to be maintained and supports the SSH-2 protocol, having expunged SSH-1 support from the codebase with the OpenSSH 7.6 release. Synopsis The remote SSH server may be affected by a security bypass vulnerability. Description The installed version of OpenSSH is prior to 7.6 and is affected by a vulnerability in the 'processopen' function that does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Packages|Tools|aixtools.openbsd.openssh.7.9.0.1601.I
Report Issues (via Forums) and/or TWEET:@aixtools

MD5 Checksum

Package Details

--Michael Felt (talk) 12:04, 25 November 2019 (CET) As I get ready to post OpenSSH-8.1p1 I have moved OpenSSH-7.9p1 back to the top, for those who need OpenSSS-7.X for some reason. The recommendation will be to update to OpenSSH-8.1 though - and that shall be built against openssh.base-1.0.2.2000 (or later).

--Michael Felt (talk) 18:18, 19 April 2019 (CEST) And - here it is - OpenSSH-8.0 with all reference to SSHp1 removed from the code! Enjoy!

History

--Michael Felt (talk) 14:49, 8 November 2018 (CET) A bit late (and skipped packaging of version 7.8p1), but here is openssh-7.9p1

--Michael Felt (talk) 16:43, 21 April 2018 (CEST) Latest version out today. I made a small change to the install scripts - mainly, the rc2.d/Ssshd start script makes sure the /dev/*random devices exist - to prevent 'PRNG not found' errors.

--Michael Felt (talk) 12:33, 20 October 2017 (CEST) new packaging - cosmetic - the 'contents' are unchanged, but the installp scripts have less noise - now 'verbose' messages are printed when the environment variable VERBOSE is defined to any string.

--Michael Felt (talk) 18:16, 13 October 2017 (CEST) have a new packaging (VRMF 7.6.0.1602) - and now includes PAM support AND, more importantly (to me) - fixes a problem that prevented X11 forwarding secure tunnels (off by default) automated connections. The problem was because sshd was looking for xauth at /usr/X11R6/bin/xauth - wheil on AIX it is at /usr/bin/X11/xauth.

--Michael Felt (talk) 21:05, 5 October 2017 (CEST) Spent some time on buildaix and additional support scripts so that the ssh_config and sshd_config files are saved/restored.

--Michael Felt (talk) 11:27, 6 October 2017 (CEST) The helper scripts can be better - so I'll still be repackaging the support scripts - which will mean a new MD5 number later. So, if you have anything special in either /var/openssh/etc/ssh_config of /var/openssh/etc/ssh_config - set those aside first and then update.

Openssh 7.6p1 Exploit

OpenSSH-7.5p1

--Michael Felt (talk) 17:35, 15 May 2017 (UTC) See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes. Note: requires openssl.base-1.0.2!

• If you are updating I recommend you make a backup of /var/openssh/etc before making an updates - in particular of any changes made to either ssh_config or sshd_config. There can be major differences between the different versions (i.e., of only the defaults) and your changes may be overwritten (something for me to work on in the future - TODO!)
• Fixed - AFTER you install openssh-7.3p1 (aka openssh-7.3.0.1601). After because the earlier versions uninstall parts are still removing sshd_config and ssh_config.

OpenSSH-7.4p1

--Michael Felt (talk) 20:16, 2 February 2017 (UTC) Changed the packaging so that the unintended hard dependency on aixtools.zlib.1.2.10 is no more. aixtools.zlib.1.2.11.1 is highly recommended!

--Michael Felt (talk) 22:10, 19 January 2017 (UTC) packaged as aixtools.openbsd.openssh.7.4.0.1601.

OpenSSH-7.3p1

--Michael Felt (talk) 13:08, 15 August 2016 (UTC) packaged as aixtools.openbsd.openssh.7.3.0.1601

OpenSSH-7.2p2

--Michael Felt (talk) 22:51, 6 June 2016 (UTC) packaged as aixtools.openbsd.openssh.7.2.0.1701.I

OpenSSH-7.2p1

--Michael Felt (talk) 11:09, 6 June 2016 (UTC)Now that I understand the differences - this is the preferred OpenSSH as it has done away with TLS1.1 and earlier (by default).

Openssh 7.6p1 Exploit

What problems can you expect? That your OpenSSH clients are not yet ready to work with the strict ciphers, hmac, etc.

OpenSSH-7.1p1

--Michael Felt (talk) 08:45, 16 October 2015 (UTC)

• Patched to fix a pre_install script syntax that occurred when /bin/false was not already one of your defined shells.

I am not yet - happy - with my understanding of the changes to the default behavior regarding root login in OpenSSH-7.1. Like myself, you may prefer the behavior of the 6.9p1 release.

OLD Versions

Links for openssh-server

Debian Resources:

Centos 7 Update Openssh

Download Source Package openssh:

Maintainers:

• Debian OpenSSH Maintainers (QA Page, Mail Archive)
• Colin Watson (QA Page)
• Matthew Vernon (QA Page)

External Resources:

• Homepage [www.openssh.com]

Similar packages:

secure shell (SSH) server, for secure access from remote machines

This is the portable version of OpenSSH, a free implementation ofthe Secure Shell protocol as specified by the IETF secsh workinggroup.

Ssh (Secure Shell) is a program for logging into a remote machineand for executing commands on a remote machine.It provides secure encrypted communications between two untrustedhosts over an insecure network. X11 connections and arbitrary TCP/IPports can also be forwarded over the secure channel.It can be used to provide applications with a secure communicationchannel.

This package provides the sshd server.

In some countries it may be illegal to use any encryption at allwithout a special permit.

sshd replaces the insecure rshd program, which is obsolete for mostpurposes.

Tags: System Administration: Login, Implemented in: C, User Interface: Daemon, Networking: network::server, protocol::ssh, Role: Program, Security: security::authentication, security::cryptography, Purpose: Login, Transmission

Other Packages Related to openssh-server

• dep:adduser (>= 3.9)

  add and remove users and groups

• dep:debconf (>= 0.5)

  Debian configuration management system

  or debconf-2.0

  virtual package provided by cdebconf, cdebconf-udeb, debconf

• dep:dpkg (>= 1.9.0)

  Debian package management system

• dep:init-system-helpers (>= 1.18~)

  helper tools for all init systems

• dep:libaudit1 (>= 1:2.2.1)

  Dynamic library for security auditing

• dep:libc6 (>= 2.17) [not mips, mipsel]

  GNU C Library: Shared libraries
  also a virtual package provided by libc6-udeb

  dep:libc6 (>= 2.19) [mips, mipsel]

• dep:libcomerr2 (>= 1.01)

  common error description library

• dep:libgssapi-krb5-2 (>= 1.14+dfsg)

  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism

• dep:libkrb5-3 (>= 1.13~alpha1+dfsg)

  MIT Kerberos runtime libraries

• dep:libpam-modules (>= 0.72-9)

  Pluggable Authentication Modules for PAM

• dep:libpam-runtime (>= 0.76-14)

  Runtime support for the PAM library

• dep:libpam0g (>= 0.99.7.1)

  Pluggable Authentication Modules library

• dep:libselinux1 (>= 1.32)

  SELinux runtime shared libraries

• dep:libssl1.0.2 (>= 1.0.2d)

  Secure Sockets Layer toolkit - shared libraries

• dep:libsystemd0

  systemd utility library

• dep:libwrap0 (>= 7.6-4~)

  Wietse Venema's TCP wrappers library

• dep:lsb-base (>= 4.1+Debian3)

  Linux Standard Base init script functionality

• dep:openssh-client (= 1:7.4p1-10+deb9u7)

  secure shell (SSH) client, for secure access to remote machines

• dep:openssh-sftp-server

  secure shell (SSH) sftp server module, for SFTP access from remote machines

• dep:procps

  /proc file system utilities

• dep:ucf (>= 0.28)

  Update Configuration File(s): preserve user changes to config files

• dep:zlib1g (>= 1:1.1.4)

  compression library - runtime

• rec:libpam-systemd

  system and service manager - PAM module

• rec:ncurses-term

  additional terminal type definitions

• rec:xauth

  X authentication utility

• sug:molly-guard

  protects machines from accidental shutdowns/reboots

• sug:monkeysphere

  leverage the OpenPGP web of trust for SSH and TLS authentication

• sug:rssh

  Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist

• sug:ssh-askpass

  under X, asks user for a passphrase for ssh-add
  also a virtual package provided by ksshaskpass, kwalletcli, lxqt-openssh-askpass, ssh-askpass-fullscreen, ssh-askpass-gnome

• sug:ufw

  program for managing a Netfilter firewall

Download openssh-server