SSH – Upgrade OpenSSH 7.4 to later on RHEL

openssh rhel ssh upgrade

I have a Red Hat Enterprise Linux server (7.5 x86_64). I have OpenSSH version 7.4. I was asked to upgrade it to a later version for security reasons: Nessus states that OpenSSH should be upgraded from 7.4 to 7.6 or later. However, the Red Hat software and downloads do not have the latest package RPM.

I found some clues on where to get the latest package for OpenSSH. I found this link; however, I do not know how to upgrade it and trust this website. I do not want the SSH and other configuration to be modified by the upgrade.

I did find links, but they are not useful, for example this one.

I would like to know how to upgrade OpenSSH without using yum.

Best Answer

RHEL 7 ships OpenSSH 7.4p1 with any patches necessary to fix security issues. RHEL 7 is fully supported until 2024 (and longer with extended support contracts).

This means that all known vulnerabilities in your version of OpenSSH are fixed, and newly-discovered vulnerabilities which are discovered in the future will be fixed — there’s no need to upgrade to the latest version of OpenSSH to avoid vulnerabilities.

That’s one of the points of using a supported distribution: you can rely on your distributor to take care of upstream vulnerabilities for you (as long as you keep your systems up-to-date).

To upgrade to a version of OpenSSH later than 7.4 you’d have to upgrade to RHEL 8 (which is currently in beta and has OpenSSH 7.8), or build it yourself for RHEL 7 (and take on support for future vulnerabilities).
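
Added example (not part of the answer above and not Red Hat tooling): because fixes are backported, the version string stays at 7.4p1 and a scanner finding has to be checked against the package changelog instead. The function name `cve_backport_status`, the sample changelog and the placeholder CVE ids are constructed for illustration.

```shell
#!/bin/sh
# Map scanner-reported CVE ids to the package release whose changelog entry
# mentions them. Reads `rpm -q --changelog` style text on stdin.

# Constructed sample changelog (placeholder CVE ids, not real Red Hat data).
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2018 Example Packager <pkg@example.com> - 7.4p1-16
- Fix for CVE-0000-00002 (backported from upstream)

* Mon Jun 05 2017 Example Packager <pkg@example.com> - 7.4p1-11
- Rebase to 7.4p1
- Fix for CVE-0000-00001
EOF
}

# usage: <changelog text> | cve_backport_status CVE-ID...
# Prints "CVE-ID fixed-in <version-release>" or "CVE-ID not-in-changelog".
cve_backport_status() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, ids, " ") }
        # Entry header: "* Day Mon DD YYYY Name <mail> - version-release"
        /^\* / { rel = $0; sub(/^.*> *-? */, "", rel); next }
        {
            for (i = 1; i <= n; i++)
                # Keep the first (newest) entry naming the id; the trailing
                # guard stops CVE-0000-0000 matching CVE-0000-00001.
                if (!(ids[i] in fixed) && match($0, ids[i] "([^0-9]|$)"))
                    fixed[ids[i]] = rel
        }
        END {
            for (i = 1; i <= n; i++)
                print ids[i], ((ids[i] in fixed) ? ("fixed-in " fixed[ids[i]]) : "not-in-changelog")
        }'
}

# On the RHEL host, feed it the installed package changelog:
#   rpm -q --changelog openssh-server | cve_backport_status CVE-XXXX-NNNNN
```

A CVE missing from the changelog is not proof of exposure, since it may not affect this build at all; compare the release reported by `rpm -q openssh-server` with the release shown for each fixed id.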
