Openssh upgrade

General support questions
Post Reply
ebin
Posts: 3
Joined: 2024/05/05 13:31:32

Openssh upgrade

Post by ebin » 2024/05/05 13:41:09

Hello,

I want to upgrade openssh 7.4pl to openssh 9.6pl in centOS7 without data loss in my base server (We running PHP virtualbox and hosted 6 VMs)

Can anyone support ?

User avatar
TrevorH
Site Admin
Posts: 33243
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openssh upgrade

Post by TrevorH » 2024/05/05 14:04:27

No. And it's not worth the effort of trying either since CentOS 7 goes EOL in less than 2 months time. Pick a new distro and start your migration to it.

CentOS is dead, you need to move to something else.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

ebin
Posts: 3
Joined: 2024/05/05 13:31:32

Re: Openssh upgrade

Post by ebin » 2024/05/05 14:18:01

Thanks for the information.

But is there any way to do the upgrade?

And can you explain what issues i will face ?

User avatar
TrevorH
Site Admin
Posts: 33243
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openssh upgrade

Post by TrevorH » 2024/05/05 16:09:43

The "issues" you will face are that CentOS 7 dies in two months so there will be no more updates for it, security or otherwise. It's a dead distro that should not be used any more and certainly not after 2 months time. Putting a lot of work into updating openssh on it is pointless as the entirety of the rest of the distro along with all its 10,000 packages dies in 2 months. You cannot hope to maintain all those on your own so your best bet is to set up a new system running a different distro that is more modern and already includes any fixes from openssh 9 that you want. Migrate your work to that new system.

In any case, the openssh 7.4p1 that is included in CentOS 7 is still maintained by Red Hat so any critical security fixes you think you may need from the newer openssh 9 packagtes are quite likely already included in the CentOS 7 copy. If you have CVE numbers then look at the output from rpm -q --changelog openssh | grep -i cve-20xx-yyyy to see if they are already included.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
jlehtone
Posts: 4540
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Openssh upgrade

Post by jlehtone » 2024/05/05 20:56:24

TrevorH wrote:
2024/05/05 16:09:43
In any case, the openssh 7.4p1 that is included in CentOS 7 is still maintained by Red Hat so any critical security fixes you think you may need from the newer openssh 9 packagtes are quite likely already included in the CentOS 7 copy.
This applies wider than just CentOS 7. Red Hat backports fixes into the RHEL packages. See https://access.redhat.com/solutions/57665

Due to those backports the things in RHEL are not what upstream had. For example, the upstream kernel 3.10.0 and Python 2.7 have been long dead in upstream, but RHEL 7 (and CentOS 7) still has something that were initially based on those upstream versions but have since evolved.

As a consequence, if you replace any component in RHEL, then you no longer have RHEL and have to maintain the whole thing on your own. In other words: when it breaks, you can keep the pieces.

CentOS 7 is a rebuild of RHEL 7 and hence the same applies to that too.
AlmaLinux [89] and Rocky Linux [89] are likewise similar to RHEL [89], so same principle applies to them as well.


tldr; One does not replace components of Enterprise Linux.

ebin
Posts: 3
Joined: 2024/05/05 13:31:32

Re: Openssh upgrade

Post by ebin » 2024/05/08 07:25:58

Thank you all for your answers.

Can i migrate CentOS to any other linux distro (debian,redhat etc) including files and software?

User avatar
jlehtone
Posts: 4540
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Openssh upgrade

Post by jlehtone » 2024/05/08 10:42:30

Officially, one makes a fresh install of something, then applies desired config (in way appropriate to the new distro), and transfers user data.
Ideally, the user data is in separate filesystem that does not need to be touched, just mounted to the new OS.

Obviously, one already has good backups of user data ...


(There is a recent project "ELevate" that might be able to in-place convert some EL systems to more recent EL systems -- so not to Debian. https://almalinux.org/elevate/ )

User avatar
TrevorH
Site Admin
Posts: 33243
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openssh upgrade

Post by TrevorH » 2024/05/08 13:07:16

Elevate sounds good but before use, a backup of the original is essential.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply