Downgrade opensshh from 7.4 to 5.1?

Downgrade opensshh from 7.4 to 5.1?

[Kleine Raphael]

Hello

My client can not support OpenSSH_7.2p2 (OpenSSL 1.0.2h  3 May 2016)
and I must downgrade the server to OpenSSH_5.1p1 (OpenSSL 0.9.8l 5 Nov
2009)

but i can not find an old version of Cygwin (1.6.10 for exemple).

- Is there a way to find old version of Cygwin with OpenSSH_5.1p1 ?
or
- Is it possible to only downgrade the openSSH from 7.2p2 to 5.1p1?

Thanks in advance for your help

Raphael

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Downgrade opensshh from 7.4 to 5.1?

[cyg Simple]

On 4/3/2017 10:45 AM, Kleine Raphael wrote:
> Hello
> 
> My client can not support OpenSSH_7.2p2 (OpenSSL 1.0.2h  3 May 2016)
> and I must downgrade the server to OpenSSH_5.1p1 (OpenSSL 0.9.8l 5 Nov
> 2009)
> 

Explain more the "can not support".

> but i can not find an old version of Cygwin (1.6.10 for exemple).
> 
> - Is there a way to find old version of Cygwin with OpenSSH_5.1p1 ?
> or
> - Is it possible to only downgrade the openSSH from 7.2p2 to 5.1p1?
> 

Search for Cygwin Time Machine.

But you may want to find ways for the client to work around the issues
of the newest versions due to important security issues.  Explain what
could be done in the older version that cannot be done with the newest
version.  Perhaps someone will have suggestions.

-- 
cyg Simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Downgrade opensshh from 7.4 to 5.1?

[Stephen John Smoogen]

On 3 April 2017 at 11:03, cyg Simple <cygsimple@gmail.com> wrote:
> On 4/3/2017 10:45 AM, Kleine Raphael wrote:
>> Hello
>>
>> My client can not support OpenSSH_7.2p2 (OpenSSL 1.0.2h  3 May 2016)
>> and I must downgrade the server to OpenSSH_5.1p1 (OpenSSL 0.9.8l 5 Nov
>> 2009)
>>
>
> Explain more the "can not support".
>

While I agree we need more information, this may be one of the cases
where a person is trying to be circumspect due to other policies.

I think that the OpenSSH after 6.9 started dropping support for older
algorithms (https://www.openssh.com/txt/release-7.0) . If you are
using SSH to manage various industrial equipment then you are pretty
much stuck with using older SSH because the equipment may only support
RC4 or maybe only has keys of 512 or 768 bits. [Trying to get an
industrial manufacturer to update equipment is a multi-decade process.
They may have just started creating hardware which has SSH vs straight
telnet and they won't update to a newer version of SSH until 2028 :/]



-- 
Stephen J Smoogen.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Downgrade opensshh from 7.4 to 5.1?

[cyg Simple]

On 4/3/2017 12:23 PM, Stephen John Smoogen wrote:
> On 3 April 2017 at 11:03, cyg Simple <cygsimple@gmail.com> wrote:
>> On 4/3/2017 10:45 AM, Kleine Raphael wrote:
>>> Hello
>>>
>>> My client can not support OpenSSH_7.2p2 (OpenSSL 1.0.2h  3 May 2016)
>>> and I must downgrade the server to OpenSSH_5.1p1 (OpenSSL 0.9.8l 5 Nov
>>> 2009)
>>>
>>
>> Explain more the "can not support".
>>
> 
> While I agree we need more information, this may be one of the cases
> where a person is trying to be circumspect due to other policies.
> 
> I think that the OpenSSH after 6.9 started dropping support for older
> algorithms (https://www.openssh.com/txt/release-7.0) . If you are
> using SSH to manage various industrial equipment then you are pretty
> much stuck with using older SSH because the equipment may only support
> RC4 or maybe only has keys of 512 or 768 bits. [Trying to get an
> industrial manufacturer to update equipment is a multi-decade process.
> They may have just started creating hardware which has SSH vs straight
> telnet and they won't update to a newer version of SSH until 2028 :/]

That may be true except for PCI compliance[1] where every piece of
equipment between the processor and computer needs to be 1024 bit
standard.  I'm well aware of the fact that the change takes time even in
my own professional job there are still certificates that carry the 512
bit cert data.  That doesn't mean the business is not trying to upgrade
but due to the sheer mass of computers running the business there are a
few with OLD, OUT-OF-DATE hardware and OS.  However where the business
is outward facing the whole process has been updated without delay.

[1]
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

-- 
cyg Simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple