diff --git a/openssh-6.6p1-redhat.patch b/openssh-6.6p1-redhat.patch
deleted file mode 100644
index 0879b51..0000000
--- a/openssh-6.6p1-redhat.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config
---- openssh-7.4p1/ssh_config.redhat	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-7.4p1/ssh_config	2016-12-23 13:32:00.045220402 +0100
-@@ -48,3 +48,7 @@
- #   VisualHostKey no
- #   ProxyCommand ssh -q -W %h:%p gateway.example.com
- #   RekeyLimit 1G 1h
-+#
-+# To modify the system-wide ssh configuration, create a  *.conf  file under
-+#  /etc/ssh/ssh_config.d/  which will be automatically included below
-+Include /etc/ssh/ssh_config.d/*.conf
-diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat
---- openssh-7.4p1/ssh_config_redhat.redhat	2016-12-23 13:32:00.045220402 +0100
-+++ openssh-7.4p1/ssh_config_redhat	2016-12-23 13:32:00.045220402 +0100
-@@ -0,0 +1,20 @@
-+# Follow system-wide Crypto Policy, if defined:
-+Include /etc/crypto-policies/back-ends/openssh.config
-+
-+# Uncomment this if you want to use .local domain
-+# Host *.local
-+#   CheckHostIP no
-+
-+Host *
-+	GSSAPIAuthentication yes
-+
-+# If this option is set to yes then remote X11 clients will have full access
-+# to the original X11 display. As virtually no X11 client supports the untrusted
-+# mode correctly we set this to yes.
-+	ForwardX11Trusted yes
-+
-+# Send locale-related environment variables
-+	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-+	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-+	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-+	SendEnv XMODIFIERS
-diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0
---- openssh-7.4p1/sshd_config.0.redhat	2016-12-19 06:21:22.000000000 +0100
-+++ openssh-7.4p1/sshd_config.0	2016-12-23 13:32:00.045220402 +0100
-@@ -837,9 +837,9 @@ DESCRIPTION
- 
-      SyslogFacility
-              Gives the facility code that is used when logging messages from
--             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
--             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
--             default is AUTH.
-+             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
-+             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
-+             The default is AUTH.
- 
-      TCPKeepAlive
-              Specifies whether the system should send TCP keepalive messages
-diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
---- openssh-7.4p1/sshd_config.5.redhat	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-7.4p1/sshd_config.5	2016-12-23 13:32:00.046220403 +0100
-@@ -1393,7 +1393,7 @@ By default no subsystems are defined.
- .It Cm SyslogFacility
- Gives the facility code that is used when logging messages from
- .Xr sshd 8 .
--The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
-+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
- LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
- The default is AUTH.
- .It Cm TCPKeepAlive
-diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
---- openssh-7.4p1/sshd_config.redhat	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-7.4p1/sshd_config	2016-12-23 13:33:05.386233133 +0100
-@@ -10,20 +10,34 @@
- # possible, but leave them commented.  Uncommented options override the
- # default value.
- 
-+# If you want to change the port on a SELinux system, you have to tell
-+# SELinux about this change.
-+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
-+#
- #Port 22
- #AddressFamily any
- #ListenAddress 0.0.0.0
- #ListenAddress ::
- 
--#HostKey /etc/ssh/ssh_host_rsa_key
-+HostKey /etc/ssh/ssh_host_rsa_key
--#HostKey /etc/ssh/ssh_host_ecdsa_key
--#HostKey /etc/ssh/ssh_host_ed25519_key
-+HostKey /etc/ssh/ssh_host_ecdsa_key
-+HostKey /etc/ssh/ssh_host_ed25519_key
- 
- # Ciphers and keying
- #RekeyLimit default none
- 
-+# System-wide Crypto policy:
-+# If this system is following system-wide crypto policy, the changes to
-+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
-+# effect here. They will be overridden by command-line options passed on
-+# the server start up.
-+# To opt out, uncomment a line with redefinition of  CRYPTO_POLICY=
-+# variable in  /etc/sysconfig/sshd  to overwrite the policy.
-+# For more information, see manual page for update-crypto-policies(8).
-+
- # Logging
- #SyslogFacility AUTH
-+SyslogFacility AUTHPRIV
- #LogLevel INFO
- 
- # Authentication:
-@@ -57,9 +62,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
-+PasswordAuthentication yes
- 
- # Change to no to disable s/key passwords
- #ChallengeResponseAuthentication yes
-+ChallengeResponseAuthentication no
- 
- # Kerberos options
- #KerberosAuthentication no
-@@ -68,8 +75,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
- #KerberosGetAFSToken no
- 
- # GSSAPI options
--#GSSAPIAuthentication no
--#GSSAPICleanupCredentials yes
-+GSSAPIAuthentication yes
-+GSSAPICleanupCredentials no
- 
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
-@@ -80,12 +87,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
--#UsePAM no
-+UsePAM yes
- 
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
- #GatewayPorts no
--#X11Forwarding no
-+X11Forwarding yes
- #X11DisplayOffset 10
- #X11UseLocalhost yes
- #PermitTTY yes
-@@ -108,6 +115,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
- # no default banner path
- #Banner none
- 
-+# Accept locale-related environment variables
-+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-+AcceptEnv XMODIFIERS
-+
- # override default of no subsystems
- Subsystem	sftp	/usr/libexec/sftp-server
- 
diff --git a/openssh-7.7p1-redhat.patch b/openssh-7.7p1-redhat.patch
new file mode 100644
index 0000000..dc38d65
--- /dev/null
+++ b/openssh-7.7p1-redhat.patch
@@ -0,0 +1,164 @@
+diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
+--- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
+@@ -44,3 +44,7 @@
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+ #   RekeyLimit 1G 1h
++#
++# To modify the system-wide ssh configuration, create a  *.conf  file under
++#  /etc/ssh/ssh_config.d/  which will be automatically included below
++Include /etc/ssh/ssh_config.d/*.conf
+diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat
+--- openssh-7.7p1/ssh_config_redhat.redhat	2018-07-03 10:44:06.522245125 +0200
++++ openssh-7.7p1/ssh_config_redhat	2018-07-03 10:44:06.522245125 +0200
+@@ -0,0 +1,20 @@
++# Follow system-wide Crypto Policy, if defined:
++Include /etc/crypto-policies/back-ends/openssh.config
++
++# Uncomment this if you want to use .local domain
++# Host *.local
++#   CheckHostIP no
++
++Host *
++	GSSAPIAuthentication yes
++
++# If this option is set to yes then remote X11 clients will have full access
++# to the original X11 display. As virtually no X11 client supports the untrusted
++# mode correctly we set this to yes.
++	ForwardX11Trusted yes
++
++# Send locale-related environment variables
++	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
++	SendEnv XMODIFIERS
+diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0
+--- openssh-7.7p1/sshd_config.0.redhat	2018-04-02 07:39:27.000000000 +0200
++++ openssh-7.7p1/sshd_config.0	2018-07-03 10:44:06.523245133 +0200
+@@ -872,9 +872,9 @@ DESCRIPTION
+ 
+      SyslogFacility
+              Gives the facility code that is used when logging messages from
+-             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
+-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
+-             default is AUTH.
++             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
++             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++             The default is AUTH.
+ 
+      TCPKeepAlive
+              Specifies whether the system should send TCP keepalive messages
+diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
+--- openssh-7.7p1/sshd_config.5.redhat	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd_config.5	2018-07-03 10:44:06.523245133 +0200
+@@ -1461,7 +1461,7 @@ By default no subsystems are defined.
+ .It Cm SyslogFacility
+ Gives the facility code that is used when logging messages from
+ .Xr sshd 8 .
+-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+ .It Cm TCPKeepAlive
+diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
+--- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
+@@ -10,20 +10,34 @@
+ # possible, but leave them commented.  Uncommented options override the
+ # default value.
+ 
++# If you want to change the port on a SELinux system, you have to tell
++# SELinux about this change.
++# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
++#
+ #Port 22
+ #AddressFamily any
+ #ListenAddress 0.0.0.0
+ #ListenAddress ::
+ 
+-#HostKey /etc/ssh/ssh_host_rsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
+-#HostKey /etc/ssh/ssh_host_ed25519_key
++HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ed25519_key
+ 
+ # Ciphers and keying
+ #RekeyLimit default none
+ 
++# System-wide Crypto policy:
++# This system is following system-wide crypto policy. The changes to
++# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
++# effect here. They will be overridden by command-line options passed on
++# the server start up.
++# To opt out, uncomment a line with redefinition of  CRYPTO_POLICY=
++# variable in  /etc/sysconfig/sshd  to overwrite the policy.
++# For more information, see manual page for update-crypto-policies(8).
++
+ # Logging
+ #SyslogFacility AUTH
++SyslogFacility AUTHPRIV
+ #LogLevel INFO
+ 
+ # Authentication:
+@@ -56,9 +70,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # To disable tunneled clear text passwords, change to no here!
+ #PasswordAuthentication yes
+ #PermitEmptyPasswords no
++PasswordAuthentication yes
+ 
+ # Change to no to disable s/key passwords
+ #ChallengeResponseAuthentication yes
++ChallengeResponseAuthentication no
+ 
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -67,8 +83,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ #KerberosGetAFSToken no
+ 
+ # GSSAPI options
+-#GSSAPIAuthentication no
+-#GSSAPICleanupCredentials yes
++GSSAPIAuthentication yes
++GSSAPICleanupCredentials no
+ 
+ # Set this to 'yes' to enable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+@@ -79,16 +95,20 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+ 
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+-#X11Forwarding no
++X11Forwarding yes
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
+-#PrintMotd yes
++
++# It is recommended to use pam_motd in /etc/pam.d/ssh instead of PrintMotd,
++# as it is more configurable and versatile than the built-in version.
++PrintMotd no
++
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #UseLogin no
+@@ -106,6 +126,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # no default banner path
+ #Banner none
+ 
++# Accept locale-related environment variables
++AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
++AcceptEnv XMODIFIERS
++
+ # override default of no subsystems
+ Subsystem	sftp	/usr/libexec/sftp-server
+ 
diff --git a/openssh.spec b/openssh.spec
index 654565c..830247f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -156,7 +156,7 @@ Patch702: openssh-5.1p1-askpass-progress.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=198332
 Patch703: openssh-4.3p2-askpass-grab-info.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
-Patch707: openssh-6.6p1-redhat.patch
+Patch707: openssh-7.7p1-redhat.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
 Patch708: openssh-6.6p1-entropy.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)