mirror of https://github.com/openssh/openssh-portable.git synced 2026-03-06 17:00:41 +00:00
Portable OpenSSH
dtucker@openbsd.org 4e15f7fc0c
upstream: Move OpenBSD CVS ID marker to top of file to avoid conflicts
when syncing changes to portable.

OpenBSD-Regress-ID: 6b7a9ef354e13e26ed474e98d04ec1d74e56e54e
2026-03-06 18:31:44 +11:00
.github Remove BoringSSL rpath as it's statically linked. 2026-03-01 09:41:39 +11:00
contrib update versions 2025-10-06 12:51:13 +11:00
m4 wrap some autoconf macros in AC_CACHE_CHECK 2025-07-02 13:47:38 +10:00
openbsd-compat Pull in rev 1.17 for spelling fix. 2025-11-18 20:14:44 +11:00
regress upstream: Move OpenBSD CVS ID marker to top of file to avoid conflicts 2026-03-06 18:31:44 +11:00
.depend rename openbsd-compat sha2.h -> bsd-sha2.h 2025-10-31 11:16:29 +11:00
.git_allowed_signers Add new hardware-backed signing key for myself. 2024-12-06 23:54:45 +11:00
.git_allowed_signers.asc add new token-based signing key for dtucker@ 2024-03-30 16:05:59 +11:00
.gitignore gitignore: ignore all *~ files 2025-10-14 18:37:40 +11:00
.skipped-commit-ids upstream: Prepare for gcc 3 leaving the building, COMPILER_VERSION 2025-10-30 14:20:53 +11:00
addr.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
addr.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
addrmatch.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
atomicio.c Create replacement poll.h if needed. 2025-09-05 17:17:52 +10:00
atomicio.h upstream: move client/server SSH-* banners to buffers under 2018-12-27 14:38:22 +11:00
audit-bsm.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
audit-linux.c Don't log audit messages with UNKNOWN hostname 2025-09-30 09:51:51 +10:00
audit.c last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
audit.h last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
auth-bsdauth.c upstream: remove vestige of when we supported running without privsep 2026-02-06 12:26:23 +11:00
auth-krb5.c upstream: Reorder headers according to KNF, 2026-02-09 09:47:11 +11:00
auth-options.c Shim <sys/queue.h> and <sys/tree.h>. 2026-02-10 13:17:13 +11:00
auth-options.h upstream: make authorized_keys environment="..." directives 2021-07-23 14:07:19 +10:00
auth-pam.c Removed duplicate includes; spotted by jsg@. 2026-02-16 18:32:41 -05:00
auth-pam.h Remove do_pam_chauthtok since it's no longer used. 2026-02-11 16:57:26 -05:00
auth-passwd.c upstream: convert a last quad_t to int64_t. ok deraadt djm 2025-05-20 18:03:11 +10:00
auth-rhosts.c Create replacement netgroup.h if needed. 2025-09-05 19:13:52 +10:00
auth-shadow.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
auth-sia.c Remove key.h from portable files too. 2018-07-12 14:57:46 +10:00
auth-sia.h - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of 2005-04-05 21:00:47 +10:00
auth.c upstream: support multiple files in a sshd_config RevokedKeys 2026-02-12 10:30:11 +11:00
auth.h upstream: remove vestige of when we supported running without privsep 2026-02-06 12:26:23 +11:00
auth2-chall.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
auth2-gss.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
auth2-hostbased.c upstream: When certificate support was added to OpenSSH, 2025-12-22 12:51:24 +11:00
auth2-kbdint.c upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
auth2-methods.c upstream: typos 2024-05-31 19:04:11 +10:00
auth2-none.c Resync headers with upstream. 2026-02-08 04:40:08 +11:00
auth2-passwd.c upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
auth2-pubkey.c Move USE_SYSTEM_GLOB into a glob.h compat shim. 2026-02-09 04:05:27 +11:00
auth2-pubkeyfile.c upstream: When certificate support was added to OpenSSH, 2025-12-22 12:51:24 +11:00
auth2.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
authfd.c upstream: ssh-agent supports a "query" extension that allows a 2026-03-05 16:45:28 +11:00
authfd.h upstream: ssh-agent supports a "query" extension that allows a 2026-03-05 16:45:28 +11:00
authfile.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
authfile.h upstream: factor out reading/writing sshbufs to dedicated 2020-01-26 10:18:42 +11:00
bitmap.c upstream commit 2017-10-20 12:58:35 +11:00
bitmap.h upstream commit 2017-10-20 12:58:35 +11:00
buildpkg.sh.in fix old typo (s/SYSVINITSTOPT/SYSVINITSTOP/) 2024-12-16 15:36:54 -08:00
canohost.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
canohost.h upstream commit 2016-03-08 06:20:35 +11:00
chacha.c upstream: move other RCSIDs to before their respective license blocks 2023-07-17 15:33:51 +10:00
chacha.h upstream: whitespace (tab after space) 2021-04-03 17:20:00 +11:00
channels.c upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
channels.h upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
cipher-aes.c remove support for old libcrypto 2023-03-24 13:56:25 +11:00
cipher-aesctr.c upstream: De-underscore __inline__ to match -portable 2026-02-11 12:40:06 -05:00
cipher-aesctr.h - markus@cvs.openbsd.org 2014/04/29 18:01:49 2014-05-15 14:24:09 +10:00
cipher-chachapoly-libcrypto.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
cipher-chachapoly.c upstream: move other RCSIDs to before their respective license blocks 2023-07-17 15:33:51 +10:00
cipher-chachapoly.h upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as 2020-04-03 15:36:57 +11:00
cipher.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
cipher.h upstream: Garbage collect cipher_get_keyiv_len() 2023-10-11 15:57:08 +11:00
cleanup.c - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] 2006-08-05 14:07:20 +10:00
clientloop.c upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
clientloop.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
compat.c upstream: Move banner exchange to sshd-auth process 2026-03-02 13:43:29 +11:00
compat.h upstream: Refactor creation of KEX proposal. 2023-03-06 23:31:52 +11:00
config.guess Update autotools 2022-12-06 12:23:08 +11:00
config.sub Update autotools 2022-12-06 12:23:08 +11:00
configure.ac Try -lstdc++ for libcrypto before giving up. 2026-03-01 09:46:39 +11:00
CREDITS convert to UTF-8; from Mike Frysinger 2019-07-29 09:49:23 +10:00
crypto_api.h upstream: move crypto_hash_sha512() to be inline in crypto_api.h, saves 2025-10-31 10:29:11 +11:00
defines.h Move USE_SYSTEM_GLOB into a glob.h compat shim. 2026-02-09 04:05:27 +11:00
dh.c upstream: Reorder headers according to KNF, 2026-02-09 09:47:11 +11:00
dh.h upstream: Add ModuliFile keyword to sshd_config to specify the 2021-03-13 13:14:13 +11:00
digest-libc.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
digest-openssl.c upstream: whitespace; no code change 2020-10-29 13:54:13 +11:00
digest.h upstream commit 2017-05-10 11:41:21 +10:00
dispatch.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
dispatch.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
dns.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
dns.h upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
ed25519-openssl.c upstream: support ed25519 signatures via libcrypto. Mostly by Jeremy 2025-10-31 08:04:35 +11:00
ed25519.c upstream: support ed25519 signatures via libcrypto. Mostly by Jeremy 2025-10-31 08:04:35 +11:00
ed25519.sh upstream: spelling; ok djm@ 2024-05-17 14:42:49 +10:00
entropy.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
entropy.h Factor out RNG reseeding in to a single function. 2026-02-11 17:36:42 -05:00
fatal.c upstream: fix SEGV on fatal() errors spotted by dtucker@ 2020-10-19 19:09:08 +11:00
fixalgorithms - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported 2013-06-11 11:26:10 +10:00
fixpaths - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org 2002-12-05 20:59:33 +11:00
groupaccess.c let ga_init() fail gracefully if getgrouplist does 2025-07-11 17:20:27 -07:00
groupaccess.h - djm@cvs.openbsd.org 2008/07/04 03:44:59 2008-07-04 13:51:12 +10:00
gss-genr.c upstream: Reorder headers according to KNF, 2026-02-09 09:47:11 +11:00
gss-serv-krb5.c upstream: Make ssh optionally build with Kerberos 5 against the 2026-02-09 04:05:31 +11:00
gss-serv.c upstream: Pass actual size of the buffer to hostname() instead of a 2026-02-11 12:40:07 -05:00
hmac.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
hmac.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
hostfile.c upstream: avoid leak of fingerprint on error path; from Lidong Yan via 2025-11-25 11:57:36 +11:00
hostfile.h upstream: make struct hostkeys public; I have no idea why I made it 2021-01-26 12:21:48 +11:00
includes.h Add fcntl.h to includes. 2025-10-07 20:25:07 +11:00
INSTALL Add AWS-LC and BoringSSL as potential libcryptos. 2026-02-24 15:42:04 -05:00
install-sh Update autotools 2022-12-06 12:23:08 +11:00
kex-names.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
kex.c upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
kex.h upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
kexc25519.c upstream: Add experimental support for hybrid post-quantum key exchange 2024-09-02 22:32:44 +10:00
kexdh.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
kexecdh.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
kexgen.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
kexgex.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
kexgexc.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
kexgexs.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
kexmlkem768x25519.c Create replacement endian.h if needed. 2025-09-05 19:55:20 +10:00
kexsntrup761x25519.c upstream: update the Streamlined NTRU Prime code from the "ref" 2024-09-15 12:24:48 +10:00
krl.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
krl.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
libcrux_mlkem768_sha3.h upstream: sync support for systems that lack __builtin_popcount() from 2025-11-13 16:14:24 +11:00
LICENCE include openbsd-compat/base64.c license in LICENSE 2024-09-18 16:03:23 +10:00
log.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
log.h upstream: add infrastructure for ratelimited logging; feedback/ok 2024-12-07 21:22:56 +11:00
loginrec.c Fix ut_type for btmp records 2026-02-08 02:55:47 +11:00
loginrec.h Fix ut_type for btmp records 2026-02-08 02:55:47 +11:00
logintest.c Create replacement time.h if needed. 2025-09-05 17:55:33 +10:00
mac.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
mac.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
Makefile.in upstream: Fetch the error reason from libcrypto 2026-02-07 11:12:20 +11:00
match.c upstream: make parsing user@host consistently look for the last '@' in 2024-09-06 12:31:19 +10:00
match.h upstream: some language improvements; ok markus 2020-07-15 15:07:42 +10:00
mdoc2man.awk mdoc2man: process Dl macros 2025-10-14 18:40:39 +11:00
misc-agent.c upstream: Add includes used in Portable to reduce diffs. 2026-02-12 10:28:24 +11:00
misc.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
misc.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
mkinstalldirs Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
mlkem768.sh upstream: sync support for systems that lack __builtin_popcount() from 2025-11-13 16:14:24 +11:00
moduli upstream: Import regenerate moduli. 2025-10-12 11:02:10 +11:00
moduli.5 Resync moduli.5 with upstream. 2022-04-16 14:33:20 +10:00
moduli.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
monitor.c upstream: Move banner exchange to sshd-auth process 2026-03-02 13:43:29 +11:00
monitor.h upstream: Move banner exchange to sshd-auth process 2026-03-02 13:43:29 +11:00
monitor_fdpass.c upstream: Reorder headers according to KNF, 2026-02-09 09:47:11 +11:00
monitor_fdpass.h - djm@cvs.openbsd.org 2007/09/04 03:21:03 2007-09-17 12:04:08 +10:00
monitor_wrap.c upstream: Move banner exchange to sshd-auth process 2026-03-02 13:43:29 +11:00
monitor_wrap.h upstream: Move banner exchange to sshd-auth process 2026-03-02 13:43:29 +11:00
msg.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
msg.h upstream commit 2015-01-15 21:39:14 +11:00
mux.c upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
myproposal.h upstream: Implement missing pieces of FIDO/webauthn signature support, 2026-02-06 09:06:47 +11:00
nchan.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
nchan.ms - djm@cvs.openbsd.org 2003/11/21 11:57:03 2003-11-21 23:48:55 +11:00
nchan2.ms - djm@cvs.openbsd.org 2008/05/15 23:52:24 2008-05-19 16:08:20 +10:00
openssh.xml.in - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5) 2007-07-24 21:16:07 -07:00
opensshd.init.in Replace shell function with ssh-keygen -A. 2021-08-20 18:14:13 +10:00
OVERVIEW upstream: refer to OpenSSL not SSLeay; 2018-10-23 16:57:54 +11:00
packet.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
packet.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
pathnames.h Minor resync with upstream 2026-02-10 13:17:30 +11:00
pkcs11.h upstream: update our PKCS#11 API header to v3.0; 2025-07-26 11:54:10 +10:00
platform-listen.c Add support for locking memory on Linux 2025-03-23 11:24:03 +11:00
platform-misc.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform-pledge.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
platform-tracing.c Fix comment text. From emaste at freebsd.org. 2022-11-09 08:27:47 +11:00
platform.c Debug log for why an account is considered locked. 2025-05-11 22:54:13 +10:00
platform.h platform: introduce a way to hook new session start 2025-03-23 11:23:33 +11:00
poly1305.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
poly1305.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
progressmeter.c upstream: Remove dead code ternary. We always report at least 2025-06-11 23:31:13 +10:00
progressmeter.h upstream: Have progressmeter force an update at the beginning and 2019-01-25 06:32:14 +11:00
PROTOCOL upstream: Use https for URLs. 2026-02-11 12:38:48 -05:00
PROTOCOL.agent upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
PROTOCOL.key upstream: in OpenSSH private key format, correct type for subsequent 2024-03-30 16:57:32 +11:00
PROTOCOL.krl upstream: remove vestigal support for KRL signatures 2023-07-17 14:52:35 +10:00
PROTOCOL.mux upstream: Remove outdated note from PROTOCOL.mux 2024-01-08 16:12:17 +11:00
PROTOCOL.sshsig upstream: Add RCS IDs to the few files that are missing them; from 2020-08-31 14:34:41 +10:00
PROTOCOL.u2f upstream: when writing an attestation blob for a FIDO key, record all 2020-09-09 13:11:34 +10:00
readconf.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
readconf.h upstream: support multiple files in a ssh_config RevokedHostKeys 2026-02-12 10:30:11 +11:00
README Remove anchor to specific release notes version. 2026-02-24 11:10:16 -05:00
README.dns Minor documentation update: 2020-02-11 12:51:24 +11:00
README.md Add AWS-LC and BoringSSL as potential libcryptos. 2026-02-24 15:42:04 -05:00
README.platform nite that recent OSX tun/tap is unsupported 2024-01-08 16:26:37 +11:00
README.privsep Privsep is now required. 2019-09-19 15:41:23 +10:00
README.tun - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 2006-03-31 23:10:51 +11:00
readpass.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
rijndael.c upstream: Add includes used in Portable to reduce diffs. 2026-02-12 10:28:24 +11:00
rijndael.h upstream: Make prototype for rijndaelEncrypt match function 2021-09-29 11:09:27 +10:00
sandbox-capsicum.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
sandbox-darwin.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
sandbox-null.c upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
sandbox-rlimit.c upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
sandbox-seccomp-filter.c seccomp sandbox: allow uname(3) 2025-11-13 22:08:54 +11:00
sandbox-solaris.c upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
scp.1 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
scp.c upstream: Reorder headers according to KNF, 2026-02-09 09:47:11 +11:00
SECURITY.md basic SECURITY.md (refers people to the website) 2021-11-03 12:08:21 +11:00
servconf.c upstream: make IPQoS first-match-wins in sshd_config as it's 2026-02-18 08:46:29 +11:00
servconf.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
serverloop.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
serverloop.h upstream commit 2017-09-12 17:37:02 +10:00
session.c upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
session.h upstream: Add channel_force_close() 2023-01-06 16:21:39 +11:00
sftp-client.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sftp-client.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sftp-common.c upstream: Add includes used in Portable to reduce diffs. 2026-02-12 10:28:24 +11:00
sftp-common.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sftp-glob.c Move USE_SYSTEM_GLOB into a glob.h compat shim. 2026-02-09 04:05:27 +11:00
sftp-realpath.c upstream: sys/param.h is not needed for any visible reason 2021-09-03 14:20:22 +10:00
sftp-server-main.c Remove seed_rng calls from scp, sftp, sftp-server. 2022-07-27 16:22:30 +10:00
sftp-server.8 upstream: standardise the grammar in the options list; issue 2021-08-03 09:39:57 +10:00
sftp-server.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sftp-usergroup.c Shim <sys/queue.h> and <sys/tree.h>. 2026-02-10 13:17:13 +11:00
sftp-usergroup.h upstream: use users-groups-by-id@openssh.com sftp-server extension 2022-09-19 20:51:14 +10:00
sftp.1 upstream: sync -o option lists with ssh.1; requested jmc@ 2024-12-07 21:16:00 +11:00
sftp.c upstream: Reorder includes and defines to match both KNF and 2026-02-12 10:00:22 +11:00
sftp.h - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 2008-06-13 10:22:54 +10:00
sk-api.h Fill in missing system header files. 2025-09-05 17:06:14 +10:00
sk-usbhid.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
smult_curve25519_ref.c - markus@cvs.openbsd.org 2013/11/02 21:59:15 2013-11-04 08:26:52 +11:00
sntrup761.c upstream: Fill entropy in a single operation instead of hundreds. 2026-01-21 10:05:37 +11:00
sntrup761.sh upstream: Fill entropy in a single operation instead of hundreds. 2026-01-21 10:05:37 +11:00
srclimit.c Shim <sys/queue.h> and <sys/tree.h>. 2026-02-10 13:17:13 +11:00
srclimit.h upstream: Add 'invaliduser' penalty to PerSourcePenalties, which is 2025-12-16 20:40:59 +11:00
ssh-add.1 upstream: ssh-agent supports a "query" extension that allows a 2026-03-05 16:45:28 +11:00
ssh-add.c upstream: ssh-agent supports a "query" extension that allows a 2026-03-05 16:45:28 +11:00
ssh-agent.1 Update ssh-agent.1 2025-12-28 14:54:38 +11:00
ssh-agent.c upstream: correctness wrt draft-ietf-sshm-ssh-agent: 2026-03-05 16:45:04 +11:00
ssh-ecdsa-sk.c upstream: Typo fixes, mostly in comments. 2026-02-07 11:11:45 +11:00
ssh-ecdsa.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
ssh-ed25519-sk.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
ssh-ed25519.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
ssh-gss.h upstream: remove prototypes with no matching function; ok djm@ 2024-05-22 14:21:13 +10:00
ssh-keygen.1 upstream: When certificate support was added to OpenSSH, 2025-12-22 12:51:24 +11:00
ssh-keygen.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
ssh-keyscan.1 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
ssh-keyscan.c Shim <sys/queue.h> and <sys/tree.h>. 2026-02-10 13:17:13 +11:00
ssh-keysign.8 upstream: disable the DSA signature algorithm by default; ok 2024-06-17 18:48:29 +10:00
ssh-keysign.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
ssh-pkcs11-client.c upstream: Remove unused OpenSSL includes, 2026-02-11 12:39:02 -05:00
ssh-pkcs11-helper.8 upstream: mention that the helpers are used by ssh(1), ssh-agent(1) 2022-04-29 13:26:24 +10:00
ssh-pkcs11-helper.c upstream: Remove unused sys/queue.h include. 2026-02-12 10:00:37 +11:00
ssh-pkcs11.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
ssh-pkcs11.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
ssh-rsa.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
ssh-sandbox.h upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
ssh-sk-client.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
ssh-sk-helper.8 upstream: mention that the helpers are used by ssh(1), ssh-agent(1) 2022-04-29 13:26:24 +10:00
ssh-sk-helper.c Removed duplicate includes; spotted by jsg@. 2026-02-16 18:32:41 -05:00
ssh-sk.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
ssh-sk.h upstream: When downloading resident keys from a FIDO token, pass 2021-10-28 13:56:59 +11:00
ssh.1 upstream: add a "ssh -O channels user@host" multiplexing command to 2025-12-22 12:51:22 +11:00
ssh.c upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 2026-03-05 16:45:04 +11:00
ssh.h upstream: remove some unused defines; ok djm@ 2024-09-27 10:01:11 +10:00
ssh2.h upstream: Reserve a range of "local extension" message numbers that 2023-10-10 14:58:55 +11:00
ssh_api.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
ssh_api.h Shim <sys/queue.h> and <sys/tree.h>. 2026-02-10 13:17:13 +11:00
ssh_config upstream: finally remove DSA signature support from OpenSSH. 2025-05-07 14:20:14 +10:00
ssh_config.5 upstream: Remove references to skey auth which is long gone. 2026-02-11 12:39:58 -05:00
sshbuf-getput-basic.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sshbuf-getput-crypto.c Minor resync with upstream 2026-02-10 13:17:30 +11:00
sshbuf-io.c upstream: tidy headers; some junk snuck into sshbuf-misc.c and 2020-01-26 10:34:50 +11:00
sshbuf-misc.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
sshbuf.c upstream: Add sshbuf_consume_upto_child(), to similify particular 2025-12-30 11:36:51 +11:00
sshbuf.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sshconnect.c upstream: Reorder headers to match KNF and Portable. 2026-02-15 20:07:13 -05:00
sshconnect.h upstream: remove unneeded forward struct declaration ok djm@ 2026-02-13 15:37:32 -05:00
sshconnect2.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sshd-auth.c upstream: Move banner exchange to sshd-auth process 2026-03-02 13:43:29 +11:00
sshd-debug.sh upstream: spelling; ok djm@ 2024-12-05 01:28:54 +11:00
sshd-session.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sshd.8 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
sshd.c Factor out RNG reseeding in to a single function. 2026-02-11 17:36:42 -05:00
sshd_config upstream: Improve description of KbdInteractiveAuthentication. 2024-12-04 01:55:30 +11:00
sshd_config.5 upstream: Remove references to skey auth which is long gone. 2026-02-11 12:39:58 -05:00
ssherr-libcrypto.c upstream: Fetch the error reason from libcrypto 2026-02-07 11:12:20 +11:00
ssherr-nolibcrypto.c upstream: Fetch the error reason from libcrypto 2026-02-07 11:12:20 +11:00
ssherr.c upstream: Fetch the error reason from libcrypto 2026-02-07 11:12:20 +11:00
ssherr.h upstream: Fetch the error reason from libcrypto 2026-02-07 11:12:20 +11:00
sshkey.c upstream: Typo fixes, mostly in comments. 2026-02-07 11:11:45 +11:00
sshkey.h upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
sshlogin.c upstream: remove duplicate includes; ok dtucker@ 2026-02-18 08:46:28 +11:00
sshlogin.h - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 2013-08-01 14:34:16 +10:00
sshpty.c Removed duplicate includes; spotted by jsg@. 2026-02-16 18:32:41 -05:00
sshpty.h upstream commit 2016-11-29 16:51:27 +11:00
sshsig.c upstream: When certificate support was added to OpenSSH, 2025-12-22 12:51:24 +11:00
sshsig.h upstream: Add ssh-keygen -Y match-principals operation to perform 2021-11-27 18:22:41 +11:00
sshtty.c - djm@cvs.openbsd.org 2010/01/09 05:04:24 2010-01-09 22:26:23 +11:00
survey.sh.in - (dtucker) [config.sh.in] Collect oslevel -r too. 2005-02-15 21:26:32 +11:00
TODO upstream: finally remove DSA signature support from OpenSSH. 2025-05-07 14:20:14 +10:00
ttymodes.c upstream: remove unneeded includes; ok dtucker@ 2026-02-15 19:49:47 -05:00
ttymodes.h upstream commit 2017-05-01 10:05:04 +10:00
uidswap.c upstream: Add includes used in Portable to reduce diffs. 2026-02-12 10:28:24 +11:00
uidswap.h upstream: Remove support for running ssh(1) setuid and fatal if 2018-07-19 21:41:42 +10:00
umac.c upstream: Replace all remaining instances of u_intXX_t types with the 2026-03-03 21:04:04 +11:00
umac.h upstream: spelling ok dtucker@ 2022-01-01 15:19:48 +11:00
umac128.c upstream commit 2018-02-09 20:00:18 +11:00
utf8.c upstream: expose vasnmprintf(); ok (as part of other commit) markus 2020-05-01 16:40:11 +10:00
utf8.h upstream: highly polished whitespace, mostly fixing spaces-for-tab 2021-04-03 17:23:02 +11:00
version.h upstream: openssh-10.2 2025-10-09 10:07:05 +11:00
xmalloc.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
xmalloc.h upstream: highly polished whitespace, mostly fixing spaces-for-tab 2021-04-03 17:23:02 +11:00

Portable OpenSSH


OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ssh and server sshd, file transfer utilities scp and sftp as well as tools for key generation (ssh-keygen), run-time key storage (ssh-agent) and a number of supporting programs.

This is a port of OpenBSD's OpenSSH to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).

Documentation

The official documentation for OpenSSH are the man pages for each tool:

Stable Releases

Stable release tarballs are available from a number of download mirrors. We recommend the use of a stable release for most users. Please read the release notes for details of recent changes and potential incompatibilities.

Building Portable OpenSSH

Dependencies

Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers.

libcrypto from one of LibreSSL, OpenSSL, AWS-LC or BoringSSL may also be used. OpenSSH may be built without any of these, but the resulting binaries will have only a subset of the cryptographic algorithms normally available.

zlib is optional; without it transport compression is not supported.

FIDO security token support needs libfido2 and its dependencies and will be enabled automatically if they are found.

In addition, certain platforms and build-time options may require additional dependencies; see README.platform for details about your platform.

Building a release

Release tarballs and release branches in git include a pre-built copy of the configure script and may be built using:

tar zxvf openssh-X.YpZ.tar.gz
cd openssh
./configure # [options]
make && make tests

See the Build-time Customisation section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.

Building from git

If building from the git master branch, you'll need autoconf installed to build the configure script. The following commands will check out and build portable OpenSSH from git:

git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git
cd openssh-portable
autoreconf
./configure
make && make tests

Build-time Customisation

There are many build-time customisation options available. All Autoconf destination path flags (e.g. --prefix) are supported (and are usually required if you want to install OpenSSH).

For a full list of available flags, run ./configure --help; a few of the more frequently used ones are described below. Some of these flags will require additional libraries and/or headers to be installed.

Flag               Meaning
--with-pam         Enable PAM support. OpenPAM, Linux PAM and Solaris PAM are supported.
--with-libedit     Enable libedit support for sftp.
--with-kerberos5   Enable Kerberos/GSSAPI support. Both Heimdal and MIT Kerberos implementations are supported.
--with-selinux     Enable SELinux support.
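
The following sketch is an added example, not part of the OpenSSH README or project scripts. It assembles a configure command line from explicit destination paths and the four flags in the table above, rejecting a mistyped feature name up front (Autoconf only warns about unrecognised --with-* options and carries on, so a typo otherwise yields a build without the feature), and then checks that the freshly built client offers the algorithms you depend on, which matters when building without libcrypto. The function names, the `--build` switch and the `REQUIRED_CIPHERS`/`REQUIRED_KEX` variables with their default values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: staged build of Portable OpenSSH with explicit destination
# paths and a post-build algorithm check. All function and variable names
# here are hypothetical; they are not part of the OpenSSH build system.

# Print the configure arguments for a prefix, a sysconfdir and a list of
# optional features. Only the four flags described in the README table are
# accepted, so a typo such as "pamm" fails here rather than being reduced
# to an easily missed configure warning.
configure_args() {
    prefix=$1 sysconfdir=$2
    shift 2
    args="--prefix=$prefix --sysconfdir=$sysconfdir"
    for feature in "$@"; do
        case $feature in
            pam|libedit|kerberos5|selinux)
                args="$args --with-$feature" ;;
            *)
                echo "unknown feature: $feature" >&2
                return 1 ;;
        esac
    done
    printf '%s\n' "$args"
}

# Print every algorithm from $1 (space-separated) that does not appear as a
# whole line in $2 (newline-separated, the format printed by `ssh -Q cipher`
# or `ssh -Q kex`). Prints an empty line when nothing is missing.
missing_algorithms() {
    required=$1 available=$2 missing=""
    for alg in $required; do
        printf '%s\n' "$available" | grep -Fqx -- "$alg" ||
            missing="$missing $alg"
    done
    printf '%s\n' "${missing# }"
}

# Query the client that was just built in the current directory (./ssh, not
# the one on PATH) and fail if a required cipher or key exchange is absent.
# The defaults below are assumptions; set them to what your peers need.
check_build() {
    status=0
    for kind in cipher kex; do
        case $kind in
            cipher) want=${REQUIRED_CIPHERS:-chacha20-poly1305@openssh.com} ;;
            kex)    want=${REQUIRED_KEX:-curve25519-sha256} ;;
        esac
        absent=$(missing_algorithms "$want" "$(./ssh -Q "$kind")")
        if [ -n "$absent" ]; then
            echo "$kind not compiled in: $absent" >&2
            status=1
        fi
    done
    return $status
}

# Usage, from an unpacked source tree:
#   sh build-check.sh --build /opt/openssh /etc/ssh pam selinux
if [ "${1:-}" = "--build" ]; then
    shift
    build_args=$(configure_args "$@") || exit 1
    # Word splitting of $build_args is intended: one flag per word.
    ./configure $build_args && make && make tests && check_build
fi
```
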

Development

Portable OpenSSH development is discussed on the openssh-unix-dev mailing list (archive mirror). Bugs and feature requests are tracked on our Bugzilla.

Reporting bugs

Non-security bugs may be reported to the developers via Bugzilla or via the mailing list above. Security bugs should be reported to openssh@openssh.com.