If you are using Sensor Gateway 1.2.1 or Carbon Black Cloud Workload Appliance 1.3.0, you must perform the following procedure to fix a known vulnerability with OpenSSH.
Procedure
- Log in to the Carbon Black Cloud Workload appliance using admin credentials.
- Escalate privileges to root.
- Verify that packages.vmware.com is whitelisted by issuing the following command:
curl packages.vmware.com
Sample output:
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
- Enable photon repositories by issuing the following command to edit the file:
vi /etc/yum.repos.d/photon.repo
- Change the enabled variable to 1.
- Verify the changes by issuing the following command:
cat /etc/yum.repos.d/photon.repo
Sample output:
[photon]
name=VMware Photon Linux $releasever ($basearch)
baseurl=https://packages.vmware.com/photon/$releasever/photon_$releasever_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
skip_md_filelists=1
- Check the OpenSSH version by issuing the following command:
rpm -qa | grep openssh
Sample output:
openssh-clients-8.9p1-7.ph4.x86_64
openssh-server-8.9p1-7.ph4.x86_64
openssh-8.9p1-7.ph4.x86_64
- Refresh the photon repo cache by issuing the following command:
tdnf makecache --refresh
Sample output:
Refreshing metadata for: 'VMware Photon Linux 4.0 (x86_64)'
Metadata cache created.
- Check for available OpenSSH updates:
tdnf check-update | grep openssh
Sample output:
openssh.x86_64
openssh-clients.x86_64
openssh-server.x86_64
- Update OpenSSH. Type y when prompted.
tdnf update openssh
Sample output:
Upgrading:
openssh-server    x86_64    8.9p1-8.ph4    photon    1.14M    1196403
openssh-clients   x86_64    8.9p1-8.ph4    photon    4.84M    5073733
openssh           x86_64    8.9p1-8.ph4    photon    0.00b    0

Total installed size: 5.98M 6270136
Is this ok [y/N]: y

Downloading:
openssh-server    485361    100%
openssh-clients   911105    100%
openssh           13001     100%
Testing transaction
Running transaction
Installing/Updating: openssh-clients-8.9p1-8.ph4.x86_64
Installing/Updating: openssh-server-8.9p1-8.ph4.x86_64
Installing/Updating: openssh-8.9p1-8.ph4.x86_64
Removing: openssh-8.9p1-7.ph4.x86_64
Removing: openssh-server-8.9p1-7.ph4.x86_64
Warning: The unit file, source configuration file or drop-ins of sshd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Warning: The unit file, source configuration file or drop-ins of sshd-keygen.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Removing: openssh-clients-8.9p1-7.ph4.x86_64
Complete!
- Validate the upgrade:
rpm -qa | grep openssh
Sample output:
openssh-clients-8.9p1-8.ph4.x86_64
openssh-server-8.9p1-8.ph4.x86_64
openssh-8.9p1-8.ph4.x86_64
- Disable photon repositories. To edit the file, issue the following command:
vi /etc/yum.repos.d/photon.repo
- Change the enabled variable to 0.
- Verify the changes:
cat /etc/yum.repos.d/photon.repo
Sample output:
[photon]
name=VMware Photon Linux $releasever ($basearch)
baseurl=https://packages.vmware.com/photon/$releasever/photon_$releasever_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=0
skip_if_unavailable=1
skip_md_filelists=1
- Restart cwp-appliance and verify that it is functioning as expected.
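The steps above, collected into one shell script as an added example (it is not part of this article or of the appliance): it enables the photon repo, updates OpenSSH, disables the repo again, runs the daemon-reload the tdnf warning asks for, and checks that every installed openssh package carries the 8.9p1-8.ph4 release seen in the post-upgrade sample output. The repo path and package names are the ones used in the procedure; the temp-copy edit instead of vi, the --run guard, and tdnf's -y switch are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the KB article: automates the repo toggle,
# the OpenSSH update and the post-upgrade check. As root: sh fix-openssh.sh --run
set -e

REPO_FILE="${REPO_FILE:-/etc/yum.repos.d/photon.repo}"
FIXED_RELEASE="8.9p1-8.ph4"   # release shown in the KB's post-upgrade output

# set_repo_enabled FILE 0|1: rewrite the enabled= line of the repo file
# (through a temp copy, so an interrupted sed never leaves a truncated file).
set_repo_enabled() {
  sed "s/^enabled=.*/enabled=$2/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# repo_enabled FILE: print the current value of enabled=
repo_enabled() {
  sed -n 's/^enabled=\(.*\)$/\1/p' "$1"
}

# openssh_is_fixed "<rpm -qa | grep openssh output>": succeeds only if there
# is at least one openssh package and every one of them is at FIXED_RELEASE.
openssh_is_fixed() {
  [ -n "$1" ] || return 1
  for pkg in $1; do
    case "$pkg" in
      *-"$FIXED_RELEASE".*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# update_openssh: the KB procedure end to end; fails if the check fails.
update_openssh() {
  curl -sSf -o /dev/null packages.vmware.com   # repo host must be reachable
  set_repo_enabled "$REPO_FILE" 1
  tdnf makecache --refresh
  tdnf update -y openssh
  set_repo_enabled "$REPO_FILE" 0             # leave the repo disabled again
  systemctl daemon-reload                     # requested by the tdnf warning
  openssh_is_fixed "$(rpm -qa | grep openssh)"
}

case "${1:-}" in
  --run) update_openssh && echo "OpenSSH packages are at $FIXED_RELEASE" ;;
esac
```

After the script reports success, restart cwp-appliance as the last step of the procedure says and confirm the appliance is functioning as expected.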