How to upgrade OpenSSH from 6.6.1p1 to version 7.2p2 on Amazon Linux?
The upgrade is required to fix "OpenSSH Xauth Command Injection" vulnerability. Pasting from Scan results from https://pci.qualys.com:
Result: SSH-2.0-OpenSSH_6.6.1 detected on port 22 over TCP.
Proposed Solution: "Users are advised to upgrade to the latest version of the software available. Refer to OpenSSH 7.2p2 Release Notes for further information."
1)Linux version
ec2-user@demotair.arabidopsis.org$ uname -a
Linux ip-172-31-24-127 4.9.38-16.33.amzn1.x86_64 #1 SMP Thu Jul 20 01:31:29 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
2) Current ssh version on it:
ec2-user@demotair.arabidopsis.org$ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1k-fips 8 Jan 2015
ec2-user@demotair.arabidopsis.org$ yum list | grep openssh
openssh.x86_64 6.6.1p1-33.66.amzn1 @amzn-updates
openssh-clients.x86_64 6.6.1p1-33.66.amzn1 @amzn-updates
openssh-server.x86_64 6.6.1p1-33.66.amzn1 @amzn-updates
openssh-keycat.x86_64 6.6.1p1-33.66.amzn1 amzn-main
openssh-ldap.x86_64 6.6.1p1-33.66.amzn1 amzn-main
3) Attempt to update results in "No packages marked for update"
ec2-user@demotair.arabidopsis.org$ sudo yum update openssh
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main | 2.1 kB 00:00:00
amzn-updates | 2.3 kB 00:00:00
No packages marked for update
PS Below links did not help me to upgrade:
https://forums.aws.amazon.com/thread.jspa?messageID=679779#679779 "OpenSSH 7 is not available via yum update"
https://serverfault.com/questions/749199/updating-openssh-on-amazon-linux-amazon-repository-out-of-date quote: "Until Amazon updates its package, you can stop the bug from affecting you by adding the line UseRoaming no to /etc/ssh/ssh_config on any machine from which you will be using the ssh client."
