openssh

USE флаги

• abi_mips_n32 - 64-bit (32-bit pointer) libraries
• audit - Enable support for Linux audit subsystem using sys-process/audit
• debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
• kerberos - Add kerberos support
• ldns - Use LDNS for DNSSEC/SSHFP validation.
• libedit - Use the libedit library (replacement for readline)
• livecd - Enable root password logins for live-cd environment.
• pam - Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
• pie - Build programs as Position Independent Executables (a security hardening technique)
• sctp - Support for Stream Control Transmission Protocol
• security-key - Include builtin U2F/FIDO support
• selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
• ssl - Enable additional crypto algorithms via OpenSSL
• static - !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
• test - Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
• verify-sig - Verify upstream signatures on distfiles
• X - Add support for X11
• xmss - Enable XMSS post-quantum authentication algorithm

Советы по безопасности