AIX

  • 1.  AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later

    Posted Mon March 06, 2023 11:04 PM

    Hello, Ary here.

    I need your advice.

    I have a machine with AIX 7.1 installed. A pentester found an "SSH User Enumeration" vulnerability, which means I should upgrade SSH to version 7.x or the latest.

    Is it OK to upgrade OpenSSH without any issue? Or is there any prerequisite before I upgrade SSH?

    Thanks in advance,



    ------------------------------
    ~Ary Syarifudin
    ------------------------------


  • 2.  RE: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later

    Posted Tue March 07, 2023 03:18 AM

    Hello Ary,

    Yes, it is OK to upgrade OpenSSH on AIX 7.1. No, you may have issues. As you saw in the AIX 6.1 example in another thread, if your AIX 7.1 installation is too old, you'll have issues. If you are not sure, you can open a call with IBM support and ask them for guidance.

    The usual prerequisite for OpenSSH is OpenSSL. Be aware that AIX 7.1 will be out of "normal support" soon (https://www.ibm.com/support/pages/aix-support-lifecycle-information).



    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------



  • 3.  RE: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later

    Posted Tue March 07, 2023 05:40 AM

    Hi Andrey,

    Please advise.

    The machine has OS version 7100-04-04-1717. Is it possible to upgrade without updating the SP?

    thank you.



    ------------------------------
    Ary Syarifudin
    ------------------------------



  • 4.  RE: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later

    Posted Tue March 07, 2023 06:19 AM

    Hi Ary,

    I would first update AIX.

    AIX 7.1 TL4 SP4, which you have, is from 2017 (17XX). There were several service packs after it. The latest is SP8 from 2019. Moreover, TL4 is not supported anymore - look at the link I sent in the last message. It was supported until December 31, 2019. It means that the newest OpenSSL and OpenSSH versions were not tested with your AIX version.

    That's why I would suggest updating AIX to AIX 7.1 TL5 SP10 (the latest in AIX 7.1) before updating OpenSSL/OpenSSH. If your pentester found a vulnerability in OpenSSH, they could require that you have a supported AIX version. In this case you can even get support from IBM till April 30, 2023.



    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------
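
The level check discussed in the posts above, as an added example that is not part of the original thread: a POSIX shell pre-flight gate that decodes an `oslevel -s` string and refuses to proceed with an OpenSSL/OpenSSH update while the host is below a required TL/SP. The function names are hypothetical, and the script assumes the `RRRR-TL-SP-YYWW` layout of `oslevel -s` output with build years in the 2000s.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes `oslevel -s` prints RRRR-TL-SP-YYWW, e.g. 7100-04-04-1717.

# parse_oslevel LEVEL -> prints "release tl sp year week"; returns 1 if malformed
parse_oslevel() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=-
    set -- $1            # safe to split: validated as digits and hyphens only
    IFS=$old_ifs
    yyww=$4
    # Assumption: YY is a year in the 2000s (17 -> 2017)
    echo "$1 $2 $3 20${yyww%??} ${yyww#??}"
}

# level_status LEVEL RELEASE MIN_TL MIN_SP
# Prints a verdict; returns 0 if LEVEL meets the minimum, 1 if it is older,
# 2 if the string is malformed or belongs to another release.
level_status() {
    cur=$1; want_rel=$2; min_tl=$3; min_sp=$4
    fields=$(parse_oslevel "$cur") || { echo "malformed"; return 2; }
    set -- $fields
    # Strip one leading zero so "08" is never read as an octal number
    rel=$1; tl=${2#0}; sp=${3#0}; year=$4
    if [ "$rel" != "$want_rel" ]; then
        echo "different-release"; return 2
    fi
    if [ "$tl" -gt "$min_tl" ] ||
       { [ "$tl" -eq "$min_tl" ] && [ "$sp" -ge "$min_sp" ]; }; then
        echo "ok"; return 0
    fi
    echo "update-aix-first (TL$tl SP$sp, built $year)"; return 1
}

# Level quoted in the thread, checked against the TL5 SP10 target from the reply.
# On the AIX host itself: level_status "$(oslevel -s)" 7100 5 10
level_status 7100-04-04-1717 7100 5 10 || true
```
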



  • 5.  RE: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later

    Posted Tue March 07, 2023 09:47 PM

    Andrey,

    OK, well noted. I'll first try updating the machine with the latest SP that you suggested earlier.

    Thank You.



    ------------------------------
    Ary Syarifudin
    ------------------------------