ok well noted, I'll try updating the machine with the latest SP first. that you suggested earlier.
Thank You.
Original Message:
Sent: Tue March 07, 2023 06:18 AM
From: Andrey Klyachkin
Subject: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later
Hi Ary,
I would first update AIX.
AIX 7.1 TL4 SP4, which you have, is from 2017 (17XX). There were several servicepaks after it. The latest is SP8 from 2019. Moreover TL4 is not supported anymore - look at the link I sent in the last message. It was supported until December 31, 2019. It means that the newest OpenSSL and OpenSSH versions were not tested with your AIX version.
That's why I would suggest to update AIX to AIX 7.1 TL5 SP10 (the latest in AIX 7.1) before updating OpenSSL/OpenSSH. If your pentester found a vulnerability in OpenSSH, they could require you have a supported AIX version. In this case you can even get support from IBM till April 30, 2023.
------------------------------
Andrey Klyachkin
https://www.power-devops.com
Original Message:
Sent: Tue March 07, 2023 05:39 AM
From: Ary Syarifudin
Subject: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later
Hi Andrey,
please advice,
the machine has os version 7100-04-04-1717, is it able to upgrade without upgdate SP ?.
thank you.
------------------------------
Ary Syarifudin
Original Message:
Sent: Tue March 07, 2023 03:18 AM
From: Andrey Klyachkin
Subject: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later
Hello Ary,
yes, it is OK to upgrade OpenSSH on AIX 7.1. No, you may have issues. As you saw on AIX 6.1 example in another thread, if your AIX 7.1 installation is too old, you'll get the issues. If you are not sure, you can open a call at IBM support and ask them for a guidance.
Usual prerequisite for OpenSSH is OpenSSL. Be aware that AIX 7.1 will be out of "normal support" soon (https://www.ibm.com/support/pages/aix-support-lifecycle-information).
------------------------------
Andrey Klyachkin
https://www.power-devops.com
Original Message:
Sent: Mon March 06, 2023 11:03 PM
From: Ary Syarifudin
Subject: AIX 7.1 Upgrade OpenSSH to OpenSSH version 7.x or later
Hello, Ary is here
i need your advice
I have machine with AIX 7.1 installed, Pentester found "SSH User Enumeration" vulnerability, that make me should upgrade SSH to version 7.x or latest,
is it ok to upgrade openSSH without any issue ? or is there any prerequisite before i do upgrade SSH ?.
Thanks in advance,
------------------------------
~Ary Syarifudin
------------------------------