
[Package Request] - update OpenSSH / sshd: current version 8 to major version 9 - at least to 9.8

Open rgoltz opened this issue 11 months ago • 2 comments

What package is missing from Amazon Linux 2023? Please describe and include package name.

openssh / sshd

Is this an update to existing package or new package request?

Update/Upgrade to an existing package.

What is the version of this package right now?

Today, it's version: OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023

Any additional information you'd like to include. (use-cases, etc)

I guess it's just one example/use case: we would like to benefit from the PerSourcePenalties feature in OpenSSH 9.8 ff. This new option is exciting because for the first time it lets us block only rapidly repeating SSH sources that fail to authenticate. You can check via the following links for the PerSourcePenalties configuration setting and its defaults, and also see PerSourcePenaltyExemptList and PerSourceNetBlockSize. With OpenSSH 8.7 we are not able to use this feature yet - we still need to maintain local rules based on iptables to implement an 'authfail' penalty duration.

rgoltz, Jan 27 '25 20:01

To set expectations here, we are very unlikely to bump OpenSSH due to the requirement of getting it FIPS validated.

stewartsmith, Jan 28 '25 20:01

OpenSSH 10.1 has started nudging users to use post-quantum crypto (which needs OpenSSH 9.0+):

    ** WARNING: connection is not using a post-quantum key exchange algorithm.
    ** This session may be vulnerable to "store now, decrypt later" attacks.
    ** The server may need to be upgraded. See https://openssh.com/pq.html

injust, Oct 07 '25 06:10
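The version thresholds mentioned in the thread (9.8 for PerSourcePenalties, 9.0 for post-quantum key exchange) can be checked against a host's banner before any new keyword is written to sshd_config. The script below is an added example, not code from the issue, Amazon Linux or OpenSSH; the function names are hypothetical, and the penalty duration and exempt network are constructed sample values.

```shell
#!/bin/sh
# Added example. Minimum versions are the ones stated in the thread:
# PerSourcePenalties needs 9.8, post-quantum key exchange needs 9.0.

# Print "MAJOR MINOR" parsed from a banner such as
# "OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023"; print nothing if it does not parse.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# version_at_least BANNER MAJOR MINOR
# Returns 0 if the banner version is >= MAJOR.MINOR, 1 if older, 2 if unparseable.
# Fields are compared as integers, so 10.1 sorts above 9.8 (a string compare would not).
version_at_least() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ] && return 0
    return 1
}

# Print an sshd_config fragment only when the keywords are supported. An older
# sshd rejects keywords it does not know, so the fragment must not be installed there.
# The duration and the exempt network below are constructed sample values.
penalty_fragment() {
    if version_at_least "$1" 9 8; then
        printf '%s\n' \
            'PerSourcePenalties authfail:30s' \
            'PerSourcePenaltyExemptList 192.0.2.0/24'
    else
        printf '%s\n' '# PerSourcePenalties unavailable: needs OpenSSH >= 9.8'
        return 1
    fi
}

# Typical use on a host (ssh -V writes its banner to stderr):
#   penalty_fragment "$(ssh -V 2>&1)"
```

On the banner quoted in the issue (OpenSSH_8.7p1) the function prints only the comment line and returns non-zero, which is the case where the iptables rules still have to stay in place.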