
Using OpenSSH 7.4p1 with HP UX Secure Shell?

 
jhollingsworth
Occasional Visitor

Using OpenSSH 7.4p1 with HP UX Secure Shell?

Hello All,

Per my company's Security team, we are required to move to OpenSSH 7.4. However, it looks like HP only offers up to 7.3 with the Secure Shell version 7.3. Is there any way to use OpenSSH 7.4 with this version of Secure Shell? If so, does anyone mind walking me through it?

6 REPLIES
Matti_Kurkela
Honored Contributor

Re: Using OpenSSH 7.4p1 with HP UX Secure Shell?

There should be no problems whatsoever in using OpenSSH 7.4p1 with HP Secure Shell 7.3. The underlying SSH protocol is designed to negotiate a lot of protocol options automatically. If you're using a configuration that is anything close to normal, you should not have to do anything special.

Yes, OpenSSH version 7.4p1 removes support for ancient SSH protocol version 1 and requires explicit options to enable the 3des-cbc encryption algorithm - but you should not need those unless you'll need to interoperate with an SSH implementation that is extremely stripped-down or from before the year 2006. The difference between HP-SSH 7.3 and OpenSSH 7.4p1 is peanuts compared to that.

You should find the reasons for the security team's requirement and see if they are applicable to HP Secure Shell (they may concern some features that are not enabled by default or not even implemented by HP Secure Shell 7.3).

MK
jhollingsworth
Occasional Visitor

Re: Using OpenSSH 7.4p1 with HP UX Secure Shell?

Thanks for your reply! I repointed all of my files to the new location, and doing an ssh -V shows I'm using 7.4. However, when I SSH into the server, it still shows me using 7.3 rather than 7.4.

Do you know how I would use 7.4 rather than 7.3?

Steven Schweda
Honored Contributor

Re: Using OpenSSH 7.4p1 with HP UX Secure Shell?

> I repointed all of my files to the new location [...]

   You did what, exactly?  Which "all of my files" now point to which
"new location"?  Define "point to".

>  and doing an ssh -V shows I'm using 7.4. However, when I SSH into the
> server, it still shows me using 7.3 rather than 7.4.

   As usual, showing actual commands with their actual output can be
more helpful than vague descriptions or interpretations.  Which "it",
exactly, shows you what, exactly?  Are you trying to say that sshd on
the server is still version 7.3?  "ssh" and "sshd" are spelled
differently for a reason: Two different programs (which could have two
different versions).

> Do you know how I would use 7.4 rather than 7.3?

   What, exactly, did you install, where/how?  If the sshd version is
what's wrong, then perhaps the inetd configuration specifies the wrong
sshd.

   Also, it's a rare problem report which would fail to benefit from
replacing a description like "the server" with actual output from:

      uname -a

Matti_Kurkela
Honored Contributor

Re: Using OpenSSH 7.4p1 with HP UX Secure Shell?

ssh -V reports the version of the SSH client. Security-wise, the most important thing is usually the version of the SSH server, also known as the sshd daemon. To start using a new SSH server version, you would need to restart the SSH server process (or possibly reboot, but that's usually overkill).

Because sshd needs to generate cryptographically strong unique session keys for every SSH session, it works more efficiently if the sshd process is set up to run continuously, so it can gather the cryptographically strong random numbers needed for key generation in advance, while waiting for incoming clients. It is possible to configure sshd to start from inetd, but that would be a non-default configuration.

At the moment, the HP-UX software download page seems to be down for maintenance, so I cannot verify the latest versions, but historically, restarting the HP-UX Secure Shell could be done like this:

# /sbin/init.d/secsh stop
# /sbin/init.d/secsh start

> However, when I SSH into the server it still shows me using 7.3 rather than 7.4.

Showing _how_?

If you are using "ssh -v" and seeing something like:

debug1: Local version string SSH-2.0-OpenSSH_7.4p1[...]
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3

... then your SSH client (the "ssh" command/process) is version 7.4, but the SSH server currently running on the host you're connecting to (the "sshd" process) is version 7.3.

MK
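
The client/server distinction described in the post above, as an added example that is not part of the original thread: a small shell script that reads `ssh -v` debug output and reports the ssh client version and the sshd server version separately against a required minimum. The function names are hypothetical, and the sample log is constructed from the two debug lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): separate the client (ssh) version from
# the server (sshd) version in `ssh -v` output and compare both to a minimum.

# Constructed sample, modelled on the two debug lines quoted in the post.
SAMPLE_LOG='debug1: Local version string SSH-2.0-OpenSSH_7.4p1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3
debug1: match: OpenSSH_7.3 pat OpenSSH* compat 0x04000000'

# Print the client's major.minor version from ssh -v output on stdin.
client_version() {
    sed -n 's/^debug1: Local version string SSH-[0-9.]*-OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print the server's major.minor version from ssh -v output on stdin.
server_version() {
    sed -n 's/^debug1: Remote protocol version .*remote software version OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2 (numeric major.minor comparison).
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# Print one status line per side: "<side> <version> ok|below <min>|unknown".
check_versions() {
    log=$1; min=$2
    c=$(printf '%s\n' "$log" | client_version)
    s=$(printf '%s\n' "$log" | server_version)
    for pair in "client(ssh):$c" "server(sshd):$s"; do
        name=${pair%%:*}; ver=${pair#*:}
        if [ -z "$ver" ]; then
            echo "$name unknown"
        elif version_ge "$ver" "$min"; then
            echo "$name $ver ok"
        else
            echo "$name $ver below $min"
        fi
    done
}

check_versions "$SAMPLE_LOG" 7.4
```

Against a live host, `ssh -v` writes its debug lines to stderr, so capture them with `2>&1` before passing the text to `check_versions`.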
Laurent Menase
Honored Contributor

Re: Using OpenSSH 7.4p1 with HP UX Secure Shell?

Hi,

As far as I know, HPE hasn't released 7.4 yet, only 7.3.

So you are probably using a community-provided version. Check where it has been installed; you will probably need to adapt the startup scripts/links.

Best regards,

 

H.Merijn Brand (procura
Honored Contributor

Re: Using OpenSSH 7.4p1 with HP UX Secure Shell?

On my site I have 7.4p1, 7.5p1 and 7.6p1 available for instant installation for 11.11, 11.23 and 11.31. You did not state the version and architecture of your machine.

Enjoy, Have FUN! H.Merijn