7

The versions of OpenSSH & OpenSSL in Git Bash are really old. As of this posting, when inputting ssh -V the versions are:

OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007

My question is, how do we upgrade these (safely, without breaking anything, etc.)? This article has a solution, but it only mentions upgrading OpenSSH, not OpenSSL, although I'm sure you could find OpenSSL files to transfer as well. However, it requires installing Cygwin, which may not be wanted. There is a way to download the Cygwin modules but not install them, though, but this does not seem to add some DLL's like cygcrypto.dll & cygwin1.dll.

Even if this works, is there another way? Can you just download some files from openssh.com/openssl.org and change a couple config files?

trysis
  • 8,086
  • 17
  • 51
  • 80
  • 1
    My cygwin returns on `ssh -V` : OpenSSH_6.4p1, OpenSSL 1.0.1e 11 Feb 2013 – inselberg Jan 02 '14 at 03:37
  • Yes, Cygwin is apparently more up-to-date. My question was about Git Bash. – trysis Jan 02 '14 at 04:09
  • Yeah you're probably vulnerable to reverse Heartbleed and whatever else has been fixed in the last seven years. – Colonel Panic Dec 20 '14 at 21:12
  • Heartbleed is new, so if anything Git Bash probably *isn't* vulnerable to it. It is vulnerable to the Bash bug, though, not that anyone's probably going to put in the effort to make an exploit for it. I don't know about "reverse Heartbleed". – trysis Dec 21 '14 at 00:12

2 Answers2

2

Note: the last Git for Windows release (the Git 2.12.1, March 2017) uses now a much more recent OpenSSL version.
The Windows port uses now OpenSSL's implementation of SHA-1 routines

See commit 2cfc70f (09 Feb 2017) by Jeff Hostetler (jeffhostetler).
(Merged by Junio C Hamano -- gitster -- in commit 033328a, 13 Mar 2017)

mingw: use OpenSSL's SHA-1 routines

Use OpenSSL's SHA-1 routines rather than builtin block-sha1 routines.
This improves performance on SHA1 operations on Intel processors.

OpenSSL 1.0.2 has made considerable performance improvements and support the Intel hardware acceleration features. 

C:\tools\gits\latest\usr\bin>openssl version
OpenSSL 1.0.2k  26 Jan 2017

See:

And yes, OpenSSH is more recent too:

C:\tools\gits\latest\usr\bin>ssh -V
OpenSSH_7.3p1, OpenSSL 1.0.2k  26 Jan 2017
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Thanks. By this point, I've kind of accepted that Git Bash doesn't have a recent version of these 2, and when I use it (at work to connect to our Linux server, at home I have a Linux) I just use it & move on. It's good if they've updated, though. – trysis Mar 26 '17 at 17:09
  • @trysis "By this point, I've kind of accepted that Git Bash doesn't have a recent version of these 2": it actually has, since Git 2.5+ (Aug. 2015, where the maintainer was hired by Microsoft: http://stackoverflow.com/a/40059664/6309). The latest Git for Windows has *very* recent versions. – VonC Mar 26 '17 at 17:30
  • Oh, I guess I haven't kept very up-to-date. I just recently had my company's Windows maintainer person update my Git Bash for the first time in a year or 2. – trysis Mar 26 '17 at 17:38
1

UPDATE: This is the file list i am using at the moment to make cygwin ssh work with git bash.

From the cygwin installation directory, copy the below filelist to your git bash installation directory.

Be aware, if you have configured ~/.ssh/config then you need to set correct permissions from cygwin for ssh to work properly.

cygasn1-8.dll cygattr-1.dll cygbz2-1.dll cygcom_err-2.dll cygcrypt-0.dll cygcrypto-1.0.0.dll cygedit-0.dll cygform-10.dll cygformw-10.dll cyggcc_s-1.dll cyggmp-10.dll cyggmp-3.dll cyggssapi-3.dll cygheimbase-1.dll cygheimntlm-0.dll cyghistory7.dll cyghx509-5.dll cygiconv-2.dll cygintl-8.dll cygkafs-0.dll cygkrb5-26.dll cyglsa.dll cyglsa64.dll cyglua-5.1.dll cyglzma-5.dll cygmagic-1.dll cygmenu-10.dll cygmenuw-10.dll cygmp-3.dll cygmpfr-4.dll cygncurses++-10.dll cygncurses++w-10.dll cygncurses-10.dll cygncursesw-10.dll cygpanel-10.dll cygpanelw-10.dll cygpcre-0.dll cygpcre-1.dll cygpopt-0.dll cygreadline7.dll cygroken-18.dll cygsqlite3-0.dll cygssl-1.0.0.dll cygssp-0.dll cygstdc++-6.dll cygtic-10.dll cygticw-10.dll cygwin1.dll cygwind-0.dll cygwrap-0.dll cygz.dll ssh-add.exe ssh-agent.exe ssh-copy-id ssh-host-config ssh-keygen.exe ssh-keyscan.exe ssh-user-config ssh.exe sshfiles

Rasmus Østergaard Kjær Voss
  • 1,806
  • 12
  • 10
  • Thank you! I don't have the patience or energy to test this now, but from what I remember when trying to do it last, Git Bash kept complaining about other files that didn't exist (in its repository; they existed to Cygwin). This was why I'm asking this question, because it seems you need to transfer more files than that blog post mentioned. – trysis May 19 '14 at 14:32