Could I update OpenSSH_8.2 to at least 8.5 only with binary files?

We use colibri iMX6DL 1.0A running TorizonCore VERSION="5.2.0-devel-20210622144645+build.0 (dunfell)
The colibri is mounted on a carrier board designed by us

We have devices installed with this image, which includes version 8.2 of OpenSSH.
Recently in a vulnerability analysis we were asked to move from OpenSSH8.2 to at least OpenSSH 8.5

Perhaps the correct way to do it would be to compile a new image with the most recent version of OpenSSH and update the processors, however, as they are installed devices, the update process would be complicated.

Remote access to these devices precisely through SSH. Do you have any idea how we could update only this tool? maybe take the binaries from a recent image and patch the current image

Ramon Mendez
Best regards

Greetings @rmendez,

maybe take the binaries from a recent image and patch the current image

Well this could work, though I certainly wouldn’t recommend it. As you said the proper way to go about such a change would be to rebuild/re-compile the entire image with the proper version of OpenSSH.

Worst case scenario would be that between OpenSSH 8.2 and 8.5 the version of the dependencies also changed. Then you would need to figure out and patch the binaries of the affected dependencies as well. This could become rather messy. That said 8.2 versus 8.5 isn’t a big difference in version, so again it might “just work”. I’m not familiar enough with OpenSSH to be able to say.

TorizonCore has an OTA update functionality and OSTree for filesystem updates. Are you not able to update the deployed devices utilizing either of these?

Best Regards,
Jeremias

Thanks @jeremias.tx

We are working on it, as soon as we have something we will update the post