IBM Support

Issues after applying OpenSSH PTFs on IBM i

How To


Summary

Applying PTFs for OpenSSH (5733SC1) that upgrade the OpenSSH release creates connection problems for previously working connections.

Additional Information

The OpenSSH suite of tools includes the ssh, sftp, and scp client programs, and the sshd server program. The IBM i can be both an OpenSSH client and an OpenSSH server.

OpenSSH is open source code, and the OpenSSH development team provides frequent release updates to patch vulnerabilities and fix issues. The IBM i development team attempts to take those patches and provide PTFs that fix those issues in the 5733SC1 product, while keeping the OpenSSH release the same when possible. The intention is to prevent incompatibility issues between clients connecting to the IBM i, or servers accepting connections from the IBM i, that might be running older, incompatible code. Additionally, configuration differences between an older release and a newer release could cause issues.

However, at some point it inevitably becomes impossible to continue doing this, and the code needs to be upgraded to a newer release in order to continue providing patches for reported scan vulnerabilities and bugs. Frequently, when this happens, users of the OpenSSH software on the IBM i may experience issues: the sshd service might fail to start, or a connection to or from a remote client or server might produce an error.

IBM initiated one such upgrade via PTF in 2016, upgrading the version of OpenSSH from 4.7p1 to 6.9p1.

In July 2019, PTFs were issued which upgraded OpenSSH from 6.9p1 to 8.0p1.  There were some quite major changes to OpenSSH between these two releases.

The OpenSSH team documents all the changes in each release in release notes. It is important to review the release notes for every release between the prior and the current release, to see what changed and how that might impact your usage of the code. The release notes can be viewed at https://www.openssh.com/releasenotes.html

That team also provides OpenSSH Legacy Options, which describes steps to take when a connection fails because the server is running an older legacy release of SSH code.

The IBM cover letter for the 5733SC1 PTFs also contains some things to check and potentially modify, and the IBM Development team provides further information and instructions on their IBM i OpenSSH & OpenSSL Community DeveloperWorks webpage.
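To make the legacy-release connection failures described above easier to triage, the following added example (not IBM's or the OpenSSH project's code) parses the "Unable to negotiate" messages that OpenSSH prints and reports which algorithm class has no overlap with the peer. The sample log lines, host names, and addresses are constructed for illustration; the function and variable names are this example's own.

```python
import re

# OpenSSH negotiation-failure wording -> (config keyword, local support query).
FAILURES = {
    "key exchange method": ("KexAlgorithms", "ssh -Q kex"),
    "host key type": ("HostKeyAlgorithms", "ssh -Q key"),
    "cipher": ("Ciphers", "ssh -Q cipher"),
    "MAC": ("MACs", "ssh -Q mac"),
}

# Older releases omit the " port N" part, so it is optional here.
LINE_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+?)(?: port \d+)?: "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

# Constructed sample output (documentation addresses, not real hosts).
SAMPLE_LOG = """\
debug1: Connecting to 192.0.2.10 port 22.
Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with legacyhost: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 2001:db8::5 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc
Connection closed by 192.0.2.11 port 22
"""

def classify(log_text):
    """Return one finding per negotiation failure found in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a negotiation failure; ignore
        keyword, query = FAILURES.get(m["kind"], ("unknown", ""))
        findings.append({
            "peer": m["peer"],
            "keyword": keyword,          # setting that governs this class
            "query": query,              # lists what the local release supports
            "peer_offers": m["offer"].split(","),
        })
    return findings

if __name__ == "__main__":
    for f in classify(SAMPLE_LOG):
        print(f"{f['peer']}: no common {f['keyword']}; peer offers "
              f"{', '.join(f['peer_offers'])}; local list: {f['query']}")
```

Each finding names the peer that needs attention and the setting to compare against the release notes for the releases between the old and new OpenSSH levels.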

Document Location

Worldwide

Product Synonym

5733SC1;5733SC100;OpenSSH

Document Information

Modified date: 18 December 2019

UID

ibm11109901