LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

January 2023

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS January 2023

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: SL6 ssh fail
From:	Nico Kadel-Garcia <[log in to unmask]>
Reply To:	Nico Kadel-Garcia <[log in to unmask]>
Date:	Sat, 7 Jan 2023 06:54:05 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (47 lines)

On Sat, Jan 7, 2023 at 1:51 AM Konstantin Olchanski <[log in to unmask]> wrote:
>
> > >
> > > I cannot ssh to SL6 machines from current MacOS or Debian 20 or 22:
> >
> > SL 6 is obsolete, maybe time to upgrade?
> >
>
>
> Looking on my list of SL6 machines:
>
> experiment stations: dragon, musr, bnmr/bnqr, pol, titan. these are medium/small sized experiments,
> all software updates must be coordinated with experiment people. each experiment station
> has 2 or 3 SL6 computers (analysis station and VME frontend processor). install ubuntu 22.04,
> rebuild all experiment software, make experiment work again. takes about 1 month of calendar
> time per experiment station.
>
> two twist computers: upgrade by turning them off, they only exist to run Absoft and Intel F90 compilers.
>
> T2K/ND280 in Japan (JParc): update from SL5 recently completed.
>
> DEAP dark matter search at SNOlab: running SL6 and will not be upgraded.
>
> one former central server runs SL6 to run ruby-on-rails-based inventory database (does not work
> on ubuntu). likely "upgrade" is move from physical machine to a VM. ("Just rewrite your inventory
> database using the latest framework-du-jour!", "yessir! getting on it right away, sir!").
>
> For some experiments, upgrade from CentOS-7 to Ubuntu 22 and upgrade from Ubuntu 20 to Ubuntu 22
> has higher priority than upgrades from SL6.
>
> So SL6 machines exist, they perform useful function, it takes a significant effort to upgrade
> them (with no functional gain). In the mean time, nobody apprecates unnecessary rocking
> the boat (breaking SSH, HTTPS, etc).

It's understandable not to want upstream operating systems to break
functional features. In this case, RHEL has not updated the OpenSSH
servers on old operating systems, and OpenSSH has been using more
sophisticated protocols by default in newer configurations.l The
result is what you see. They're not alone: Microsoft has some issues
with their Bastion and git servers using obsolete OpenSSH, and
applying some similar workarounds to get around the limitations.

If you *really need* updated OpenSSH for these..... You might start
with the repos listed at https://urldefense.proofpoint.com/v2/url?u=https-3A__rpm.pbone.net_&d=DwIBaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=UcakLkTCeAIV4S9SoffwQjqkjMlCPfhtr4xMy_NHAsSBWoBzCAgIWsS9ky6YC_Fh&s=bVD5myLc3jR7UtphL9OQoDEPEAcO8wZe7h5aOFUZb8I&e= , namely these:

      https://urldefense.proofpoint.com/v2/url?u=http-3A__rpm.pbone.net_results-5Flimit-5F1-5Fsrodzaj-5F1-5Fdl-5F40-5Fdist-5B-5D-5F74-5Fdist-5B-5D-5F79-5Ffield-5B-5D-5F1-5Ffield-5B-5D-5F2-5Fsearch-5Fopenssh-2Dserver.html&d=DwIBaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=UcakLkTCeAIV4S9SoffwQjqkjMlCPfhtr4xMy_NHAsSBWoBzCAgIWsS9ky6YC_Fh&s=MRVQZiTGmDAIs0XkcJVjQDHlek4ZTnd6llX17e-JiGo&e=

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV