openssh

Description:Port of OpenBSD's free SSH release
License: BSD
Homepage:https://www.openssh.com/
Location:Portage
Legend:
  • + - stable
  • ~ - unstable
  • M - hardmask
alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
8.3_p1-r4 diff ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ - ~ ~
8.2_p1-r6 diff ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ - ~ ~
8.1_p1-r3 ~ + + + ~ ~ ~ + + + - + +

USE flags

  • abi_mips_n32 - 64-bit (32-bit pointer) libraries
  • audit - Enable support for Linux audit subsystem using sys-process/audit
  • bindist - Disable EC/RC5 algorithms in OpenSSL for patent reasons.
  • debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
  • hpn - Enable high performance ssh
  • kerberos - Add kerberos support
  • kernel_linux - KERNEL setting for system using the Linux kernel
  • ldns - Use LDNS for DNSSEC/SSHFP validation.
  • libedit - Use the libedit library (replacement for readline)
  • libressl - Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
  • livecd - Enable root password logins for live-cd environment.
  • pam - Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
  • pie - Build programs as Position Independent Executables (a security hardening technique)
  • scp - Enable scp command with known security problems. See bug 733802
  • sctp - Support for Stream Control Transmission Protocol
  • security-key - Include builtin U2F/FIDO support
  • selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
  • skey - Enable S/Key (Single use password) authentication support
  • smartcard - Enable smartcard support
  • ssl - Enable additional crypto algorithms via OpenSSL
  • static - !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
  • tcpd - Add support for TCP wrappers
  • test - Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
  • X - Add support for X11
  • X509 - Adds support for X.509 certificate authentication
  • xmss - Enable XMSS post-quantum authentication algorithm

Security Advisory

Date Severity Title
9 months normal OpenSSH: Integer overflow
over 1 year normal OpenSSH: Multiple vulnerabilities
almost 2 years low OpenSSH: User enumeration vulnerability
over 2 years normal OpenSSH: Permission issue
over 3 years normal OpenSSH: Multiple vulnerabilities
over 4 years normal OpenSSH: Multiple vulnerabilities
over 4 years normal OpenSSH: Multiple vulnerabilities
about 6 years high OpenSSH: Multiple vulnerabilities
over 12 years normal OpenSSH: Privilege escalation
almost 13 years low OpenSSH: Security bypass
over 13 years normal OpenSSH: Multiple Denial of Service vulnerabilities
almost 14 years normal OpenSSH: Denial of Service
over 14 years low OpenSSH, Dropbear: Insecure use of system() call

Also available in: Atom

Thank you!