AIX

Hello, Ary is here

i need your advice

I have machine with AIX 7.1 installed,  Pentester found "SSH User Enumeration" vulnerability, that make me should upgrade SSH to version 7.x or latest,

is it ok to upgrade openSSH without any issue ? or is there any prerequisite before i do upgrade SSH ?.

Thanks in advance,

Hello Ary,

yes, it is OK to upgrade OpenSSH on AIX 7.1. No, you may have issues. As you saw on AIX 6.1 example in another thread, if your AIX 7.1 installation is too old, you'll get the issues. If you are not sure, you can open a call at IBM support and ask them for a guidance.

Usual prerequisite for OpenSSH is OpenSSL.  Be aware that AIX 7.1 will be out of "normal support" soon (https://www.ibm.com/support/pages/aix-support-lifecycle-information).

Hello, Ary is here

i need your advice

I have machine with AIX 7.1 installed,  Pentester found "SSH User Enumeration" vulnerability, that make me should upgrade SSH to version 7.x or latest,

is it ok to upgrade openSSH without any issue ? or is there any prerequisite before i do upgrade SSH ?.

Thanks in advance,

Hi Andrey,

please advice,

the machine has os version 7100-04-04-1717, is it able to upgrade without upgdate SP ?.

thank you.

Hello Ary,

yes, it is OK to upgrade OpenSSH on AIX 7.1. No, you may have issues. As you saw on AIX 6.1 example in another thread, if your AIX 7.1 installation is too old, you'll get the issues. If you are not sure, you can open a call at IBM support and ask them for a guidance.

Usual prerequisite for OpenSSH is OpenSSL.  Be aware that AIX 7.1 will be out of "normal support" soon (https://www.ibm.com/support/pages/aix-support-lifecycle-information).

Hello, Ary is here

i need your advice

I have machine with AIX 7.1 installed,  Pentester found "SSH User Enumeration" vulnerability, that make me should upgrade SSH to version 7.x or latest,

is it ok to upgrade openSSH without any issue ? or is there any prerequisite before i do upgrade SSH ?.

Thanks in advance,

Hi Ary,

I would first update AIX.

AIX 7.1 TL4 SP4, which you have, is from 2017 (17XX). There were several servicepaks after it. The latest is SP8 from 2019. Moreover TL4 is not supported anymore - look at the link I sent in the last message. It was supported until December 31, 2019. It means that the newest OpenSSL and OpenSSH versions were not tested with your AIX version.

That's why I would suggest to update AIX to AIX 7.1 TL5 SP10 (the latest in AIX 7.1) before updating OpenSSL/OpenSSH. If your pentester found a vulnerability in OpenSSH, they could require you have a supported AIX version. In this case you can even get support from IBM till April 30, 2023.

Hi Andrey,

please advice,

the machine has os version 7100-04-04-1717, is it able to upgrade without upgdate SP ?.

thank you.

Hello Ary,

yes, it is OK to upgrade OpenSSH on AIX 7.1. No, you may have issues. As you saw on AIX 6.1 example in another thread, if your AIX 7.1 installation is too old, you'll get the issues. If you are not sure, you can open a call at IBM support and ask them for a guidance.

Usual prerequisite for OpenSSH is OpenSSL.  Be aware that AIX 7.1 will be out of "normal support" soon (https://www.ibm.com/support/pages/aix-support-lifecycle-information).

Hello, Ary is here

i need your advice

I have machine with AIX 7.1 installed,  Pentester found "SSH User Enumeration" vulnerability, that make me should upgrade SSH to version 7.x or latest,

is it ok to upgrade openSSH without any issue ? or is there any prerequisite before i do upgrade SSH ?.

Thanks in advance,