Help! Downgrade openssh
 

I want to downgrade my openssh and openssl version on debian10/11 to this version

OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019.


Is it possible?!!

Please help , it is very important to my business.

Thanks

Those are the versions in Debian 9 Stretch (oldoldstable).

Downgrading might have very serious security implications. "Very important to my business" is not enough of a reason. Why are you trying this?

As to your question
Not directly. Downgrading OpenSSL is not feasible because of the sheer number of packages that depend on it. But you can install libssl1.0 parallel to libssl1.1 and point to it software that requires the older version via LD_PRELOAD.

Depending on your situation, there may be better ways to achieve what you want.

Agree with shruggy 100%; while you MIGHT be able to do such a thing, it has far reaching implications. And I'm not sure what 'business' you have that requires less security, or why you need this.

Clarify your needs and what you're actually trying to accomplish.

I need to do this, because I have a Website for VPN servers and I can't connect my VPS to my website because of the version of SSH.
Example. I can connect Debian-9 with my website, but Debian-10 or newer not.

That is why, I think the problem is from SSH version, because the SSH Client in my Website is for old version of ssh servers developed.
If somebody can help me , please do .

I can also pay for this

Thanks

If you end up with an expired version of SSH server, it is almost certain you will end up paying for it sooner or later. :( It is a costly mistake which can be avoided by upgrading the client. It would be highly recommend to avoid such a situation.

Your client system almost certainly has a backports repository from which you can pull a more modern version of the SSH server client and then connect that way.

Why do you think this?? What is the actual error/message you get when trying to connect? What are you trying to connect FROM? Have you tried using verbose logging on ssh (see the man page), to see what's going on?

Also, if this is a new installation, your SSH identification may have changed. And this is a community forum...if you want to pay someone, there are other sites you can advertise the job on, otherwise you can provide information and we can help you to help yourself. If you'd like to pay someone, it's almost certain anyone here would want to be paid up front.

Thanks for replying,
This is my website [removed] , and the users can create (ssh and vpn) accounts for free .
I use Debian 9 and Ubuntu 16, but unfortunately everything changes by the time. I think Debian-9 will stop, because new version come. The problem my web client doesn't accept Debian-10 or newer and I think because of ssh version. I tried to change SSH version of Debian-10 to same version of Debian-9 but I couldn't. I don't know, if there is any Trick to do that.

Then follow the advice given in post #2.
Despite all warnings, I might add.

Fix your web client then!

*AGAIN*, you are still not providing any information. You were asked for logs/messages, and were advised to turn on verbose logging to see what the actual issue is. Just saying "doesn't accept" tells us nothing.

Doing what you want is an incredibly bad idea, and there is NO REASON to do it, period. You are, at some point, going to HAVE TO UPGRADE...do it now, rather than making an entire system insecure and unstable by trying to downgrade a critical component.

Thanks ��Guys ,

Actually I did it, I downgrade openssh version on my Debian-10 and it works great.

The openssh server depends on ssh client on the system, so I should downgrade both pakages and install libssl1.0.2 (ich changed the foleder /etc/apt on Debian10 with forder of Debian9)
Then it works fine.
In this way I can use a new system, but only old version of ssh I have to install.

@radwan1998,

Welcome to LQ.

Glad you found a suitable solution.

The link you provided, while intended to support your question details, is also very close to advertising. Please avoid posting that or similar again, and the link has been edited out.

You also have the option of using Thread Tools to Mark your thread as Solved to indicate you arrived at a solution.