freebsd-dev/crypto/openssh
Ed Maste 4d3fc8b057 ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new
features and bug fixes.  Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

 * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
   per-hop destination constraints (ssh-add -h ...) added in OpenSSH
   8.9, a logic error prevented the constraints from being
   communicated to the agent. This resulted in the keys being added
   without constraints. The common cases of non-smartcard keys and
   keys without destination constraints are unaffected. This problem
   was reported by Luci Stanescu.

 * ssh(1): Portable OpenSSH provides an implementation of the
   getrrsetbyname(3) function if the standard library does not
   provide it, for use by the VerifyHostKeyDNS feature. A
   specifically crafted DNS response could cause this function to
   perform an out-of-bounds read of adjacent stack data, but this
   condition does not appear to be exploitable beyond denial-of-
   service to the ssh(1) client.

   The getrrsetbyname(3) replacement is only included if the system's
   standard library lacks this function and portable OpenSSH was not
   compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
   only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
   problem was found by the Coverity static analyzer.

Sponsored by:	The FreeBSD Foundation
2023-03-16 10:29:55 -04:00
..
.github ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
contrib ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
m4 ssh: update to OpenSSH v9.0p1 2022-04-15 10:41:08 -04:00
openbsd-compat ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
regress ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
.depend ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
.git_allowed_signers ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
.git_allowed_signers.asc ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
.gitignore openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
.skipped-commit-ids ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
aclocal.m4 ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
addr.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
addr.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
addrmatch.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
atomicio.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
atomicio.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
audit-bsm.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
audit-linux.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
audit.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
audit.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth2-chall.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth2-gss.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
auth2-hostbased.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth2-kbdint.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
auth2-none.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth2-passwd.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
auth2-pubkey.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth2-pubkeyfile.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth2.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth-bsdauth.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth-krb5.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth-options.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
auth-options.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth-pam.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth-pam.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth-passwd.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
auth-rhosts.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
auth-shadow.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth-sia.c Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
auth-sia.h
auth.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
auth.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
authfd.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
authfd.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
authfile.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
authfile.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
bitmap.c Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
bitmap.h Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
blacklist_client.h openssh: pass ssh context to BLACKLIST_NOTIFY 2021-09-14 13:44:39 -04:00
blacklist.c openssh: pass ssh context to BLACKLIST_NOTIFY 2021-09-14 13:44:39 -04:00
buildpkg.sh.in openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
canohost.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
canohost.h
chacha.c
chacha.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ChangeLog ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
channels.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
channels.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
cipher-aes.c
cipher-aesctr.c
cipher-aesctr.h
cipher-chachapoly-libcrypto.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
cipher-chachapoly.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
cipher-chachapoly.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
cipher.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
cipher.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
cleanup.c
clientloop.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
clientloop.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
compat.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
compat.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
config.guess ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
config.h ssh: fix SIZEOF_TIME_T #define on i386 2023-02-08 18:34:09 -05:00
config.sub ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
configure.ac ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
CREDITS openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
crypto_api.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
defines.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
dh.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
dh.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
digest-libc.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
digest-openssl.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
digest.h
dispatch.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
dispatch.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
dns.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
dns.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ed25519.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ed25519.sh ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
entropy.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
entropy.h Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
fatal.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
fixalgorithms
fixpaths
freebsd-configure.sh ssh: drop $FreeBSD$ from crypto/openssh 2022-04-22 19:12:23 -04:00
freebsd-namespace.sh ssh: drop $FreeBSD$ from crypto/openssh 2022-04-22 19:12:23 -04:00
FREEBSD-upgrade ssh: update FREEBSD-upgrade instructions 2023-03-15 13:37:49 -04:00
groupaccess.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
groupaccess.h
gss-genr.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
gss-serv-krb5.c Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
gss-serv.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
hash.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
hmac.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
hmac.h
hostfile.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
hostfile.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
includes.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
INSTALL ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
install-sh ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
kex.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
kex.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
kexc25519.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
kexdh.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
kexecdh.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
kexgen.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
kexgex.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
kexgexc.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
kexgexs.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
kexsntrup761x25519.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
krb5_config.h ssh: drop $FreeBSD$ from crypto/openssh 2022-04-22 19:12:23 -04:00
krl.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
krl.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
LICENCE ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
log.c ssh: update to OpenSSH v8.8p1 2021-12-19 11:02:02 -05:00
log.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
loginrec.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
loginrec.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
logintest.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
mac.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
mac.h
Makefile.in ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
match.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
match.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
mdoc2man.awk Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
misc.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
misc.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
mkinstalldirs Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
moduli ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
moduli.5 ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
moduli.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
monitor_fdpass.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
monitor_fdpass.h
monitor_wrap.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
monitor_wrap.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
monitor.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
monitor.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
msg.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
msg.h
mux.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
myproposal.h ssh: update to OpenSSH v9.0p1 2022-04-15 10:41:08 -04:00
nchan2.ms
nchan.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
nchan.ms
openssh.xml.in
opensshd.init.in ssh: update to OpenSSH v8.8p1 2021-12-19 11:02:02 -05:00
OVERVIEW openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
packet.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
packet.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
pathnames.h ssh: drop $FreeBSD$ from crypto/openssh 2022-04-22 19:12:23 -04:00
pkcs11.h
platform-misc.c
platform-pledge.c
platform-tracing.c ssh: update comment text to match upstream 2022-11-09 11:32:47 -05:00
platform.c ssh: update to OpenSSH v9.0p1 2022-04-15 10:41:08 -04:00
platform.h ssh: update to OpenSSH v9.0p1 2022-04-15 10:41:08 -04:00
poly1305.c
poly1305.h
progressmeter.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
progressmeter.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
PROTOCOL ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
PROTOCOL.agent ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
PROTOCOL.certkeys openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
PROTOCOL.chacha20poly1305 openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
PROTOCOL.key ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
PROTOCOL.krl Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
PROTOCOL.mux ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
PROTOCOL.sshsig openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
PROTOCOL.u2f openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
readconf.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
readconf.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
README ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
README.dns openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
README.md ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
README.platform openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
README.privsep openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
README.tun
readpass.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
rijndael.c
rijndael.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
sandbox-capsicum.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sandbox-darwin.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sandbox-null.c
sandbox-pledge.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sandbox-rlimit.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sandbox-seccomp-filter.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sandbox-solaris.c
sandbox-systrace.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
scp.1 ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
scp.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
SECURITY.md ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
servconf.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
servconf.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
serverloop.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
serverloop.h
session.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
session.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sftp-client.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sftp-client.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sftp-common.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sftp-common.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sftp-glob.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sftp-realpath.c ssh: update to OpenSSH v8.8p1 2021-12-19 11:02:02 -05:00
sftp-server-main.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sftp-server.8 openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sftp-server.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sftp-usergroup.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sftp-usergroup.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sftp.1 ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sftp.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sftp.h
sk_config.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sk-api.h ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sk-usbhid.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
smult_curve25519_ref.c
sntrup761.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sntrup761.sh ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
srclimit.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
srclimit.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ssh2.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ssh_api.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ssh_api.h Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
ssh_config ssh: default VerifyHostKeyDNS to no, following upstream 2023-03-01 09:19:07 -05:00
ssh_config.5 ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh_namespace.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-add.1 ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
ssh-add.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-agent.1 ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ssh-agent.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-dss.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-ecdsa-sk.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-ecdsa.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-ed25519-sk.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ssh-ed25519.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ssh-gss.h ssh: drop $FreeBSD$ from crypto/openssh 2022-04-22 19:12:23 -04:00
ssh-keygen.1 ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-keygen.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-keyscan.1 ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-keyscan.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-keysign.8 ssh: update to OpenSSH v9.0p1 2022-04-15 10:41:08 -04:00
ssh-keysign.c ssh-keysign: fix double free in error path 2022-10-04 16:34:37 -04:00
ssh-pkcs11-client.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
ssh-pkcs11-helper.8 ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
ssh-pkcs11-helper.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
ssh-pkcs11.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-pkcs11.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ssh-rsa.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh-sandbox.h
ssh-sk-client.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
ssh-sk-helper.8 ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
ssh-sk-helper.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ssh-sk.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
ssh-sk.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
ssh-xmss.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ssh.1 ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
ssh.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssh.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sshbuf-getput-basic.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sshbuf-getput-crypto.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sshbuf-io.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sshbuf-misc.c ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
sshbuf.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sshbuf.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sshconnect2.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sshconnect.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sshconnect.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sshd_config ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sshd_config.5 ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sshd.8 ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
sshd.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
ssherr.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ssherr.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sshkey-xmss.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sshkey-xmss.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sshkey.c ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sshkey.h ssh: update to OpenSSH 9.2p1 2023-02-06 16:54:56 -05:00
sshlogin.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
sshlogin.h
sshpty.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sshpty.h
sshsig.c ssh-keygen: fix double free in error path 2022-10-04 16:33:11 -04:00
sshsig.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
sshtty.c
survey.sh.in
TODO Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
ttymodes.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ttymodes.h
uidswap.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
uidswap.h Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
umac128.c ssh: drop $FreeBSD$ from crypto/openssh 2022-04-22 19:12:23 -04:00
umac.c ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
umac.h ssh: update to OpenSSH v8.9p1 2022-04-13 16:00:56 -04:00
utf8.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
utf8.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
version.h ssh: Update to OpenSSH 9.3p1 2023-03-16 10:29:55 -04:00
xmalloc.c ssh: update to OpenSSH v9.0p1 2022-04-15 10:41:08 -04:00
xmalloc.h openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
xmss_commons.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
xmss_commons.h Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
xmss_fast.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
xmss_fast.h Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
xmss_hash_address.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
xmss_hash_address.h Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
xmss_hash.c ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
xmss_hash.h Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
xmss_wots.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
xmss_wots.h Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00

Portable OpenSSH

C/C++ CI Fuzzing Status Coverity Status

OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ssh and server sshd, file transfer utilities scp and sftp as well as tools for key generation (ssh-keygen), run-time key storage (ssh-agent) and a number of supporting programs.

This is a port of OpenBSD's OpenSSH to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).

Documentation

The official documentation for OpenSSH are the man pages for each tool:

Stable Releases

Stable release tarballs are available from a number of download mirrors. We recommend the use of a stable release for most users. Please read the release notes for details of recent changes and potential incompatibilities.

Building Portable OpenSSH

Dependencies

Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers.

libcrypto from either LibreSSL or OpenSSL may also be used. OpenSSH may be built without either of these, but the resulting binaries will have only a subset of the cryptographic algorithms normally available.

zlib is optional; without it transport compression is not supported.

FIDO security token support needs libfido2 and its dependencies and will be enabled automatically if they are found.

In addition, certain platforms and build-time options may require additional dependencies; see README.platform for details about your platform.

Building a release

Releases include a pre-built copy of the configure script and may be built using:

tar zxvf openssh-X.YpZ.tar.gz
cd openssh
./configure # [options]
make && make tests

See the Build-time Customisation section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.

Building from git

If building from git, you'll need autoconf installed to build the configure script. The following commands will check out and build portable OpenSSH from git:

git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git
cd openssh-portable
autoreconf
./configure
make && make tests

Build-time Customisation

There are many build-time customisation options available. All Autoconf destination path flags (e.g. --prefix) are supported (and are usually required if you want to install OpenSSH).

For a full list of available flags, run ./configure --help but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed.

Flag Meaning
--with-pam Enable PAM support. OpenPAM, Linux PAM and Solaris PAM are supported.
--with-libedit Enable libedit support for sftp.
--with-kerberos5 Enable Kerberos/GSSAPI support. Both Heimdal and MIT Kerberos implementations are supported.
--with-selinux Enable SELinux support.

Development

Portable OpenSSH development is discussed on the openssh-unix-dev mailing list (archive mirror). Bugs and feature requests are tracked on our Bugzilla.

Reporting bugs

Non-security bugs may be reported to the developers via Bugzilla or via the mailing list above. Security bugs should be reported to openssh@openssh.com.