jim martin wrote:
> Hi.. We are using openssh-server-3.9p1-7 for our FC3 box,
>
> [root@wa ]# rpm -qa | grep openssh-server
> openssh-server-3.9p1-7
>
> however our auditor wants us to upgrade from
> Openssh protocol '1' to '2'

The protocol your auditor speaks of is built into most newer versions of openssh, so in fact you do not have to upgrade the openssh software if you want to use protocol 2. Read up about the different protocols in openssh to find out more, maybe start with

$ man ssh

at the command line. For example it says;

Protocol 2 provides additional mechanisms for confidentiality (the traf-
fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity
(hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for
ensuring the integrity of the connection.

> it means I need to upgrade to openssh-server-3.9p2.. right??

No.

> But when I do a
>
> [root@wa]# up2date --showall | grep openssh-server
> openssh-server-3.9p1-8.0.1.i386
>
> It is still p1 only
> I log on to https://rhn.redhat.com/ and did a search on openssh-server package. Those available are all p1 only. Am I going to the right URL for FC3 ??

You may want to download the latest version of openssh, it is available from http://www.openssh.com/portable.html

The latest version was released in March and is version 4.0p1. Note that if you are using certain older versions of openssh you may be at risk. See today's New York Times for more information.

Jeremiah
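
An added example, not part of the original reply: the auditor's request concerns which protocol versions sshd offers, and this sketch reads that from a server configuration file instead of from the package version. It assumes the `Protocol` keyword of sshd_config(5), the "2,1" default of OpenSSH releases of this generation, and that the first occurrence of a keyword is the one sshd uses; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: report whether an sshd_config still permits SSH protocol 1.
# Assumption: with no active Protocol line, sshd of this era falls back to
# its compiled-in default "2,1", so both protocol versions are offered.

# Print the effective Protocol value for the config file given as $1.
# Keywords are case-insensitive; the first active occurrence is used.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        tolower($1) == "protocol" { print $2; found = 1; exit }
        END { if (!found) print "2,1" }              # assumed default
    ' "$1"
}

# Succeed (exit status 0) when protocol 1 is among the offered versions.
allows_protocol1() {
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# One-line verdict for a config file.
audit() {
    if allows_protocol1 "$1"; then
        echo "$1: protocol 1 still offered (Protocol $(effective_protocol "$1"))"
    else
        echo "$1: protocol 2 only"
    fi
}

# Constructed sample configs, written to a scratch directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'Port 22\n#Protocol 2,1\n'         > "$tmp/stock.conf"     # default applies
printf 'Port 22\nprotocol 2\n'            > "$tmp/hardened.conf"  # lower-case keyword
printf 'Protocol 2,1\nProtocol 2\n'       > "$tmp/shadowed.conf"  # later line ignored

for f in "$tmp/stock.conf" "$tmp/hardened.conf" "$tmp/shadowed.conf"; do
    audit "$f"
done
```

On a real server the same functions can be pointed at the live configuration, for example `audit /etc/ssh/sshd_config`, followed by a restart of sshd after any change.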