OpenSSH v6.7 & NumberOfPasswordPrompts Option ...

Nico Kadel-Garcia nkadel at gmail.com
Sat Jan 17 10:58:22 AEDT 2015


On Fri, Jan 16, 2015 at 1:06 PM, Martin Schröder <martin at oneiros.de> wrote:
> 2015-01-16 7:21 GMT+01:00 Nico Kadel-Garcia <nkadel at gmail.com>:
>> RHEL 5 is now 2 major releases behind and was released roughly 7 years
>> ago. Time to update, I think, there have been a *lot* of significant
>> security and architecture changes that can affect the toolchain used
>> to build recent versions of OpenSSH.
>
> 5.11 was release last September. :-)

Yeah, but I'd call that a minor release. RHEL 7 has been out since June of 2014.

> But: When you pay for RHEL, you should use the RH packages.

And if you need major feature updates, like those between OpenSSH 4.3
(the RHEL 5 standard) and OpenSSH 5.3 (the RHEL 6 standard version)
and OpenSSH 6.4 (the RHEL 7 version), well, eventually, backporting
becomes infeasible.

The big problem with the current OpenSSH 6.7p1 release and RHEL 5 is
the out of date OpenSSL library. There are some fascinating checks for
the version number that reject the OpenSSL in RHEL 5, even if it's the
RHEL version with various useful patches backported by Red Hat. The
work of resolving that sort of dependency accumulates, and eventually
become *much* easier just to update the OS rather than maintain the
patches and build trees.

Been there, done that, publish at https://github.com/nkadel/.


More information about the openssh-unix-dev mailing list