Upgrade openssh

[alebabai]

what

• update openssh-portable version
• update own patches (original-command.diff and obfuscate-version.diff)
• sync patches from alpine (delete old, pull new)

why

closes #19
closes #16

references

• Document openssh patches #16 (comment)

[alebabai]

Compilation still fails for all of these cases:

• completely without patches
• with old alpine patches and updated own patches
• only with updated alpine patches
• with update alpine patches and updated own patches

[alebabai]

The problem is in realpath function.
this patch bsd-compatible-realpath.diff should be updated too

[osterman]

@alebabai should we add a Makefile target to download the current patches the way we did for the helm charts?

[osterman]

@alebabai if it makes it easier to maintain, you can put the patches into vendor folders so we know what's upstream and our own.

E.g. wget —mirror

[osterman]

See inline comments

[alebabai]

should we add a Makefile target to download the current patches the way we did for the helm charts?

I don't think so, because some patches could require to be updated (e.g. bsd-compatible-realpath).

if it makes it easier to maintain, you can put the patches into vendor folders so we know what's upstream and our own.

yeap, it's good idea

[osterman]

This was an alpine patch https://git.alpinelinux.org/cgit/aports/tree/main/openssh

[osterman]

Move to appropriate vendor folder

[alebabai]

yeap, but i modified it - now it differs significantly from alpine one

[osterman]

Move patch to appropriate vendor folder

[osterman]

Please add a README.md to the patches folder that reads something like this:

OpenSSH will not compile out-of-the-box on alpine. For this reason, we use the official patches found here:
- https://git.alpinelinux.org/cgit/aports/tree/main/openssh

We also add a couple of our own patches. 

One patch ensures we have `SSH_ORIGINAL_COMMAND` available during pam auth so we can send slack notifications.
https://github.com/cloudposse/bastion/blob/master/patches/openssh/original-command.diff

The other patch obscures the version of OpenSSH. We use this to hide the SSH version so it's not announced to port-scanners.
https://github.com/cloudposse/bastion/blob/master/patches/openssh/obfuscate-version.diff

When upgrading version of OpenSSH, the patches might need to be regenerated. 

This closes #16

[osterman]

Good job!