openssh

Description:Port of OpenBSD's free SSH release
License: BSD
Homepage:https://www.openssh.com/
Location:Portage
Legend:
  • + - stable
  • ~ - unstable
  • M - hardmask
alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
8.1_p1-r1 diff ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
8.0_p1-r4 diff + + + + + + ~ + + + + + +
7.9_p1-r4 diff + + + + + + ~ + + + + + +
7.7_p1-r9 diff + + + + + + ~ + + + + + +
7.5_p1-r4 + + + + + + ~ + + + + + +

USE flags

  • abi_mips_n32 - 64-bit (32-bit pointer) libraries
  • audit - Enable support for Linux audit subsystem using sys-process/audit
  • bindist - Disable EC/RC5 algorithms in OpenSSL for patent reasons.
  • debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
  • hpn - Enable high performance ssh
  • kerberos - Add kerberos support
  • kernel_linux - KERNEL setting for system using the Linux kernel
  • ldap - Add support for storing SSH public keys in LDAP
  • ldns - Use LDNS for DNSSEC/SSHFP validation.
  • libedit - Use the libedit library (replacement for readline)
  • libressl - Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
  • livecd - Enable root password logins for live-cd environment.
  • pam - Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
  • pie - Build programs as Position Independent Executables (a security hardening technique)
  • sctp - Support for Stream Control Transmission Protocol
  • selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
  • skey - Enable S/Key (Single use password) authentication support
  • smartcard - Enable smartcard support
  • ssh1 - Support the legacy/weak SSH1 protocol
  • ssl - Enable additional crypto algorithms via OpenSSL
  • static - !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
  • tcpd - Add support for TCP wrappers
  • test - Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
  • X - Add support for X11
  • X509 - Adds support for X.509 certificate authentication
  • xmss - Enable XMSS post-quantum authentication algorithm

Security Advisory

Date Severity Title
about 1 month normal OpenSSH: Integer overflow
9 months normal OpenSSH: Multiple vulnerabilities
about 1 year low OpenSSH: User enumeration vulnerability
almost 2 years normal OpenSSH: Permission issue
about 3 years normal OpenSSH: Multiple vulnerabilities
almost 4 years normal OpenSSH: Multiple vulnerabilities
almost 4 years normal OpenSSH: Multiple vulnerabilities
over 5 years high OpenSSH: Multiple vulnerabilities
over 11 years normal OpenSSH: Privilege escalation
about 12 years low OpenSSH: Security bypass
about 13 years normal OpenSSH: Multiple Denial of Service vulnerabilities
about 13 years normal OpenSSH: Denial of Service
almost 14 years low OpenSSH, Dropbear: Insecure use of system() call

Also available in: Atom

Thank you!