Page MenuHomeDevCentral

Upgrade OpenSSH version used on DevCentral
Closed, ResolvedPublic

Description

Trying to clone our Docker image for Phabricator, so I can upgrade it to use Phorge, I've noticed this:

$ git clone ssh://vcs@devcentral.nasqueron.org:5022/source/docker-phabricator.git
Cloning into 'docker-phabricator'...
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
remote: Enumerating objects: 228, done.
remote: Counting objects: 100% (228/228), done.
remote: Compressing objects: 100% (120/120), done.
remote: Total 228 (delta 61), reused 206 (delta 51), pack-reused 0
Receiving objects: 100% (228/228), 350.58 KiB | 8.99 MiB/s, done.
Resolving deltas: 100% (61/61), done.

Event Timeline

dereckson triaged this task as High priority.Thu, Jul 2, 14:18
dereckson created this task.

Currently runs under Debian 11, target would be Debian 13.

See also T1547 for long-term solution.

  • Updated to Debian 12, then 13
  • /usr merge process done manually, with the help of statically compiled busybox
  • reinstalled libwebp6_0.6.1-2.1+deb11u2_amd64.deb to avoid to update PHP
$ ssh -V
OpenSSH_10.0p2 Debian-7+deb13u4, OpenSSL 3.5.6 7 Apr 2026