Best way to upgrade OpenSSH >8.1


Recommended Posts

Hi,

I'm running Armbian 20.11.6 Buster with Linux 5.9.14-mvebu, on a ClearFog Base.

 

This is (or will be) a production machine, so I'd like to keep it stable where possible. The default OpenSSH version in the stable Armbian build is 7.9.

 

openssh-server/stable,now 1:7.9p1-10+deb10u2 armhf

 

I need to update this package to a version greater than v8.1. By switching to the nightly Ambian build, I see the package is at version 8.4, but I don't know if running the nightly build is great on a production machine.

 

Before I do anything stupid, could I get some feedback about the recommended/safest way to upgrade this package?

 

Thank you :)

 

Tri

Link to post
Share on other sites
Armbian is a community driven open source project. Do you like to contribute your code?

One solution (without upgrading) would be to wait one or two month. The next armbian release is scheduled for February and will basically include all features currently on -dev (nightly). At least for mvebu. So the openssh server should also be updated then.

Although I'm curious how you got openssh-server to 8.4 just by switching to nightly? I'm running a clearfogpro with nightly and still am at 7.9...

 

If you need it faster, you can adjust your apt sources to include an apt with a newer version of openssh.

Link to post
Share on other sites

It is upstream (Debian's), you may add buster-backports (read what are pros and cons: https://wiki.debian.org/Backports). As you can see there are two versions:

 

[root@PKOTHER ~]# apt show openssh-server -a
Package: openssh-server
Version: 1:8.4p1-2~bpo10+1
Priority: optional
Section: net
Source: openssh
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Installed-Size: 1,299 kB
Provides: ssh-server
Depends: adduser (>= 3.9), dpkg (>= 1.9.0), libpam-modules (>= 0.72-9), libpam-runtime (>= 0.76-14), lsb-base (>= 4.1+Debian3), openssh-client (= 1:8.4p1-2~bpo10+1), openssh-sftp-server, procps, ucf (>= 0.28), debconf (>= 0.5) | debconf-2.0, libaudit1 (>= 1:2.2.1), libc6 (>= 2.28), libcom-err2 (>= 1.43.9), libgssapi-krb5-2 (>= 1.17), libkrb5-3 (>= 1.13~alpha1+dfsg), libpam0g (>= 0.99.7.1), libselinux1 (>= 1.32), libssl1.1 (>= 1.1.1), libsystemd0, libwrap0 (>= 7.6-4~), zlib1g (>= 1:1.1.4)
Recommends: default-logind | logind | libpam-systemd, ncurses-term, xauth
Suggests: molly-guard, monkeysphere, ssh-askpass, ufw
Conflicts: sftp, ssh-socks, ssh2
Replaces: openssh-client (<< 1:7.9p1-8), ssh, ssh-krb5
Homepage: http://www.openssh.com/
Download-Size: 345 kB
APT-Sources: http://deb.debian.org/debian buster-backports/main armhf Packages
Description: secure shell (SSH) server, for secure access from remote machines

Package: openssh-server
Version: 1:7.9p1-10+deb10u2
Priority: optional
Section: net
Source: openssh
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Installed-Size: 1,240 kB
Provides: ssh-server
Depends: adduser (>= 3.9), dpkg (>= 1.9.0), libpam-modules (>= 0.72-9), libpam-runtime (>= 0.76-14), lsb-base (>= 4.1+Debian3), openssh-client (= 1:7.9p1-10+deb10u2), openssh-sftp-server, procps, ucf (>= 0.28), debconf (>= 0.5) | debconf-2.0, libaudit1 (>= 1:2.2.1), libc6 (>= 2.28), libcom-err2 (>= 1.43.9), libgssapi-krb5-2 (>= 1.17), libkrb5-3 (>= 1.13~alpha1+dfsg), libpam0g (>= 0.99.7.1), libselinux1 (>= 1.32), libssl1.1 (>= 1.1.1), libsystemd0, libwrap0 (>= 7.6-4~), zlib1g (>= 1:1.1.4)
Recommends: default-logind | logind | libpam-systemd, ncurses-term, xauth
Suggests: molly-guard, monkeysphere, rssh, ssh-askpass, ufw
Conflicts: sftp, ssh-socks, ssh2
Replaces: openssh-client (<< 1:7.9p1-8), ssh, ssh-krb5
Homepage: http://www.openssh.com/
Tag: admin::login, implemented-in::c, interface::daemon, network::server,
 protocol::ssh, role::program, security::authentication,
 security::cryptography, use::login, use::transmission
Download-Size: 319 kB
APT-Manual-Installed: no
APT-Sources: http://deb.debian.org/debian buster/main armhf Packages
Description: secure shell (SSH) server, for secure access from remote machines

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...