sigma/openssh
1
0
Fork 0
mirror of https://github.com/openssh/openssh-portable.git synced 2025-12-06 00:04:37 +00:00
Code Releases Activity
Portable OpenSSH
13,400 commits 72 branches 162 tags 81 MiB
Find a file
Exact
djm@openbsd.org 5f5d1af478
 upstream: ASSERT_DOUBLE_* test helpers 
OpenBSD-Regress-ID: cdb5c4e95c0f00efb773ddba4056a49e33702cf9
2025-12-05 22:14:04 +11:00
.github Simplify git command to avoid yaml syntax error. 2025-11-13 10:23:45 +11:00
contrib update versions 2025-10-06 12:51:13 +11:00
m4 wrap some autoconf macros in AC_CACHE_CHECK 2025-07-02 13:47:38 +10:00
openbsd-compat Pull in rev 1.17 for spelling fix. 2025-11-18 20:14:44 +11:00
regress upstream: ASSERT_DOUBLE_* test helpers 2025-12-05 22:14:04 +11:00
.depend rename openbsd-compat sha2.h -> bsd-sha2.h 2025-10-31 11:16:29 +11:00
.git_allowed_signers Add new hardware-backed signing key for myself. 2024-12-06 23:54:45 +11:00
.git_allowed_signers.asc add new token-based signing key for dtucker@ 2024-03-30 16:05:59 +11:00
.gitignore gitignore: ignore all *~ files 2025-10-14 18:37:40 +11:00
.skipped-commit-ids upstream: Prepare for gcc 3 leaving the building, COMPILER_VERSION 2025-10-30 14:20:53 +11:00
addr.c upstream: remove addr.[ch] functions that are unused and 2024-10-18 15:30:36 +11:00
addr.h upstream: remove addr.[ch] functions that are unused and 2024-10-18 15:30:36 +11:00
addrmatch.c upstream: highly polished whitespace, mostly fixing spaces-for-tab 2021-04-03 17:23:02 +11:00
atomicio.c Create replacement poll.h if needed. 2025-09-05 17:17:52 +10:00
atomicio.h upstream: move client/server SSH-* banners to buffers under 2018-12-27 14:38:22 +11:00
audit-bsm.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
audit-linux.c Don't log audit messages with UNKNOWN hostname 2025-09-30 09:51:51 +10:00
audit.c last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
audit.h last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
auth-bsdauth.c remove duplicate #includes 2019-10-02 10:54:28 +10:00
auth-krb5.c upstream: Include misc.h. Removes diff vs portable. 2025-09-30 07:44:01 +10:00
auth-options.c upstream: fix memleak when applying certificate options; ok 2025-09-15 16:12:59 +10:00
auth-options.h upstream: make authorized_keys environment="..." directives 2021-07-23 14:07:19 +10:00
auth-pam.c check PAM user against previous user, not pw_name 2025-10-31 13:47:49 +11:00
auth-pam.h upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
auth-passwd.c upstream: convert a last quad_t to int64_t. ok deraadt djm 2025-05-20 18:03:11 +10:00
auth-rhosts.c Create replacement netgroup.h if needed. 2025-09-05 19:13:52 +10:00
auth-shadow.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
auth-sia.c Remove key.h from portable files too. 2018-07-12 14:57:46 +10:00
auth-sia.h - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of 2005-04-05 21:00:47 +10:00
auth.c upstream: when merging auth options into the active set, don't 2025-09-15 16:12:59 +10:00
auth.h upstream: remove prototypes with no matching function; ok djm@ 2024-05-22 14:21:13 +10:00
auth2-chall.c upstream: Relax array check slightly. Prevents compiler warnings 2025-10-02 19:04:38 +10:00
auth2-gss.c upstream: g/c unused variable 2024-05-17 14:42:49 +10:00
auth2-hostbased.c upstream: Cast serial no for %lld to prevent compiler warnings on some 2025-08-14 19:39:55 +10:00
auth2-kbdint.c upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
auth2-methods.c upstream: typos 2024-05-31 19:04:11 +10:00
auth2-none.c upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
auth2-passwd.c upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
auth2-pubkey.c Create replacement paths.h if needed. 2025-09-05 17:24:50 +10:00
auth2-pubkeyfile.c upstream: Cast serial no for %lld to prevent compiler warnings on some 2025-08-14 20:31:02 +10:00
auth2.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
authfd.c upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
authfd.h upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
authfile.c upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
authfile.h upstream: factor out reading/writing sshbufs to dedicated 2020-01-26 10:18:42 +11:00
bitmap.c upstream commit 2017-10-20 12:58:35 +11:00
bitmap.h upstream commit 2017-10-20 12:58:35 +11:00
buildpkg.sh.in fix old typo (s/SYSVINITSTOPT/SYSVINITSTOP/) 2024-12-16 15:36:54 -08:00
canohost.c upstream: Return immediately from get_sock_port 2023-03-31 16:17:22 +11:00
canohost.h upstream commit 2016-03-08 06:20:35 +11:00
chacha.c upstream: move other RCSIDs to before their respective license blocks 2023-07-17 15:33:51 +10:00
chacha.h upstream: whitespace (tab after space) 2021-04-03 17:20:00 +11:00
channels.c upstream: don't reuse c->isatty for signalling that the remote channel 2025-10-07 19:20:20 +11:00
channels.h upstream: don't reuse c->isatty for signalling that the remote channel 2025-10-07 19:20:20 +11:00
cipher-aes.c remove support for old libcrypto 2023-03-24 13:56:25 +11:00
cipher-aesctr.c Add includes.h for compatibility stuff. 2015-02-25 13:17:40 +11:00
cipher-aesctr.h - markus@cvs.openbsd.org 2014/04/29 18:01:49 2014-05-15 14:24:09 +10:00
cipher-chachapoly-libcrypto.c upstream: move other RCSIDs to before their respective license blocks 2023-07-17 15:33:51 +10:00
cipher-chachapoly.c upstream: move other RCSIDs to before their respective license blocks 2023-07-17 15:33:51 +10:00
cipher-chachapoly.h upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as 2020-04-03 15:36:57 +11:00
cipher.c upstream: simplify algorithm list functions using xextendf(); ok 2025-09-02 21:09:10 +10:00
cipher.h upstream: Garbage collect cipher_get_keyiv_len() 2023-10-11 15:57:08 +11:00
cleanup.c - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] 2006-08-05 14:07:20 +10:00
clientloop.c upstream: Add Escape option ~I that shows information about the current 2025-11-27 19:48:04 +11:00
clientloop.h upstream: Add an ssh -Oconninfo command 2025-12-05 18:05:44 +11:00
compat.c upstream: Refactor creation of KEX proposal. 2023-03-06 23:31:52 +11:00
compat.h upstream: Refactor creation of KEX proposal. 2023-03-06 23:31:52 +11:00
config.guess Update autotools 2022-12-06 12:23:08 +11:00
config.sub Update autotools 2022-12-06 12:23:08 +11:00
configure.ac Remove remaining OpenSSL_add_all_algorithms() calls. 2025-11-13 22:08:43 +11:00
CREDITS convert to UTF-8; from Mike Frysinger 2019-07-29 09:49:23 +10:00
crypto_api.h upstream: move crypto_hash_sha512() to be inline in crypto_api.h, saves 2025-10-31 10:29:11 +11:00
defines.h Supply timespecsub if needed. 2025-05-05 19:09:25 +10:00
dh.c upstream: Remove fallback to compiled-in gropup for dhgex when the 2024-12-05 01:28:47 +11:00
dh.h upstream: Add ModuliFile keyword to sshd_config to specify the 2021-03-13 13:14:13 +11:00
digest-libc.c upstream: Remove unused rmd160.h header. ripemd160 support was 2025-09-05 20:11:44 +10:00
digest-openssl.c upstream: whitespace; no code change 2020-10-29 13:54:13 +11:00
digest.h upstream commit 2017-05-10 11:41:21 +10:00
dispatch.c upstream: use logit_f("...") instead of logit("func: ...") 2025-05-21 18:49:12 +10:00
dispatch.h upstream: remove last traces of old packet API! 2019-01-20 09:45:18 +11:00
dns.c upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
dns.h upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
ed25519-openssl.c upstream: support ed25519 signatures via libcrypto. Mostly by Jeremy 2025-10-31 08:04:35 +11:00
ed25519.c upstream: support ed25519 signatures via libcrypto. Mostly by Jeremy 2025-10-31 08:04:35 +11:00
ed25519.sh upstream: spelling; ok djm@ 2024-05-17 14:42:49 +10:00
entropy.c Move libcrypto init check into entropy.c. 2025-11-13 23:30:48 +11:00
entropy.h Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
fatal.c upstream: fix SEGV on fatal() errors spotted by dtucker@ 2020-10-19 19:09:08 +11:00
fixalgorithms - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported 2013-06-11 11:26:10 +10:00
fixpaths - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org 2002-12-05 20:59:33 +11:00
groupaccess.c let ga_init() fail gracefully if getgrouplist does 2025-07-11 17:20:27 -07:00
groupaccess.h - djm@cvs.openbsd.org 2008/07/04 03:44:59 2008-07-04 13:51:12 +10:00
gss-genr.c upstream: Sort headers as per KNF. Removes diff vs portable. 2025-09-30 07:43:17 +10:00
gss-serv-krb5.c upstream: sshd: switch GSSAPI to sshbuf API; ok djm@ 2018-07-10 15:28:30 +10:00
gss-serv.c upstream: Move ifdef to start of file. Removes diff vs portable. 2025-09-30 08:19:55 +10:00
hmac.c upstream: Order headers as per KNF. Also removes diff vs 2025-09-05 20:12:46 +10:00
hmac.h - djm@cvs.openbsd.org 2014/06/24 01:13:21 2014-07-02 15:28:02 +10:00
hostfile.c upstream: avoid leak of fingerprint on error path; from Lidong Yan via 2025-11-25 11:57:36 +11:00
hostfile.h upstream: make struct hostkeys public; I have no idea why I made it 2021-01-26 12:21:48 +11:00
includes.h Add fcntl.h to includes. 2025-10-07 20:25:07 +11:00
INSTALL upstream: remove DSA from the regression/unit test suite too. 2025-05-07 15:58:53 +10:00
install-sh Update autotools 2022-12-06 12:23:08 +11:00
kex-names.c upstream: simplify algorithm list functions using xextendf(); ok 2025-09-02 21:09:10 +10:00
kex.c upstream: memleak of kex->server_sig_algs; ok dtucker@ 2025-09-15 16:13:00 +10:00
kex.h upstream: ssh(1): add a warning when the connection negotiates a 2025-08-11 21:03:29 +10:00
kexc25519.c upstream: Add experimental support for hybrid post-quantum key exchange 2024-09-02 22:32:44 +10:00
kexdh.c upstream: include openssl/bn.h explicitly in files where we use BN_* 2025-10-03 10:12:15 +10:00
kexecdh.c upstream: include openssl/bn.h explicitly in files where we use BN_* 2025-10-03 10:12:15 +10:00
kexgen.c Add /* WITH_OPENSSL */ comments. 2025-09-05 19:52:48 +10:00
kexgex.c upstream: pass most arguments to the KEX hash functions as sshbuf 2019-01-23 13:02:02 +11:00
kexgexc.c upstream: include openssl/bn.h explicitly in files where we use BN_* 2025-10-03 10:12:15 +10:00
kexgexs.c upstream: stray newline 2025-10-06 12:18:27 +11:00
kexmlkem768x25519.c Create replacement endian.h if needed. 2025-09-05 19:55:20 +10:00
kexsntrup761x25519.c upstream: update the Streamlined NTRU Prime code from the "ref" 2024-09-15 12:24:48 +10:00
krl.c upstream: memleak of KRL revoked certs struct; ok dtucker 2025-09-15 16:13:01 +10:00
krl.h upstream: remove vestigal support for KRL signatures 2023-07-17 14:52:35 +10:00
libcrux_mlkem768_sha3.h upstream: sync support for systems that lack __builtin_popcount() from 2025-11-13 16:14:24 +11:00
LICENCE include openbsd-compat/base64.c license in LICENSE 2024-09-18 16:03:23 +10:00
log.c upstream: don't strnvis() log messages that are going to be logged 2025-11-18 11:28:42 +11:00
log.h upstream: add infrastructure for ratelimited logging; feedback/ok 2024-12-07 21:22:56 +11:00
loginrec.c Create replacement sys/time.h if needed. 2025-09-05 17:48:22 +10:00
loginrec.h Add wtmpdb support as Y2038 safe wtmp replacement 2024-12-03 02:55:36 +11:00
logintest.c Create replacement time.h if needed. 2025-09-05 17:55:33 +10:00
mac.c upstream: Order headers as per KNF. 2025-09-05 20:41:15 +10:00
mac.h upstream commit 2016-07-08 13:50:03 +10:00
Makefile.in fix linking for sk-dummy.so, used in tests 2025-10-31 11:07:17 +11:00
match.c upstream: make parsing user@host consistently look for the last '@' in 2024-09-06 12:31:19 +10:00
match.h upstream: some language improvements; ok markus 2020-07-15 15:07:42 +10:00
mdoc2man.awk mdoc2man: process Dl macros 2025-10-14 18:40:39 +11:00
misc-agent.c Create replacement time.h if needed. 2025-09-05 17:55:33 +10:00
misc.c upstream: Add convtime_double() that converts a string interval, 2025-12-05 19:19:28 +11:00
misc.h upstream: Add convtime_double() that converts a string interval, 2025-12-05 19:19:28 +11:00
mkinstalldirs Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
mlkem768.sh upstream: sync support for systems that lack __builtin_popcount() from 2025-11-13 16:14:24 +11:00
moduli upstream: Import regenerate moduli. 2025-10-12 11:02:10 +11:00
moduli.5 Resync moduli.5 with upstream. 2022-04-16 14:33:20 +10:00
moduli.c upstream: Remove ssh-keygen's moduli screen -Omemory option. 2025-05-24 14:03:17 +10:00
monitor.c upstream: wait for the unprivileged sshd-auth process to exit 2025-09-25 17:01:57 +10:00
monitor.h upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
monitor_fdpass.c Create replacement sys/un.h if needed. 2025-09-05 18:05:15 +10:00
monitor_fdpass.h - djm@cvs.openbsd.org 2007/09/04 03:21:03 2007-09-17 12:04:08 +10:00
monitor_wrap.c upstream: silence "mm_log_handler: write: Broken pipe" logspam 2025-10-10 13:30:50 +11:00
monitor_wrap.h upstream: the messaging layer between sshd-session and sshd-auth had a 2025-07-04 17:50:09 +10:00
msg.c upstream: Start the process of splitting sshd into separate 2024-05-17 14:41:35 +10:00
msg.h upstream commit 2015-01-15 21:39:14 +11:00
mux.c upstream: Add an ssh -Oconninfo command 2025-12-05 18:05:44 +11:00
myproposal.h upstream: unbreak 2024-12-03 01:07:08 +11:00
nchan.c upstream: Fix proxy multiplexing (-O proxy) bug 2024-07-26 08:51:40 +10:00
nchan.ms - djm@cvs.openbsd.org 2003/11/21 11:57:03 2003-11-21 23:48:55 +11:00
nchan2.ms - djm@cvs.openbsd.org 2008/05/15 23:52:24 2008-05-19 16:08:20 +10:00
openssh.xml.in - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5) 2007-07-24 21:16:07 -07:00
opensshd.init.in Replace shell function with ssh-keygen -A. 2021-08-20 18:14:13 +10:00
OVERVIEW upstream: refer to OpenSSL not SSLeay; 2018-10-23 16:57:54 +11:00
packet.c upstream: Add an ssh -Oconninfo command 2025-12-05 18:05:44 +11:00
packet.h upstream: Add Escape option ~I that shows information about the current 2025-11-27 19:48:04 +11:00
pathnames.h upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
pkcs11.h upstream: update our PKCS#11 API header to v3.0; 2025-07-26 11:54:10 +10:00
platform-listen.c Add support for locking memory on Linux 2025-03-23 11:24:03 +11:00
platform-misc.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform-pledge.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
platform-tracing.c Fix comment text. From emaste at freebsd.org. 2022-11-09 08:27:47 +11:00
platform.c Debug log for why an account is considered locked. 2025-05-11 22:54:13 +10:00
platform.h platform: introduce a way to hook new session start 2025-03-23 11:23:33 +11:00
poly1305.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
poly1305.h - djm@cvs.openbsd.org 2014/05/02 03:27:54 2014-05-15 14:37:03 +10:00
progressmeter.c upstream: Remove dead code ternary. We always report at least 2025-06-11 23:31:13 +10:00
progressmeter.h upstream: Have progressmeter force an update at the beginning and 2019-01-25 06:32:14 +11:00
PROTOCOL upstream: Improve sentence. ok djm@ 2025-08-07 09:45:02 +10:00
PROTOCOL.agent upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
PROTOCOL.key upstream: in OpenSSH private key format, correct type for subsequent 2024-03-30 16:57:32 +11:00
PROTOCOL.krl upstream: remove vestigal support for KRL signatures 2023-07-17 14:52:35 +10:00
PROTOCOL.mux upstream: Remove outdated note from PROTOCOL.mux 2024-01-08 16:12:17 +11:00
PROTOCOL.sshsig upstream: Add RCS IDs to the few files that are missing them; from 2020-08-31 14:34:41 +10:00
PROTOCOL.u2f upstream: when writing an attestation blob for a FIDO key, record all 2020-09-09 13:11:34 +10:00
readconf.c upstream: Plug leaks while parsing Match blocks. Coverity CID 2025-11-20 16:33:09 +11:00
readconf.h upstream: ssh(1): add a warning when the connection negotiates a 2025-08-11 21:03:29 +10:00
README update versions 2025-10-06 12:51:13 +11:00
README.dns Minor documentation update: 2020-02-11 12:51:24 +11:00
README.md Update OSSFuzz link to current bug tracker. 2025-11-21 14:28:20 +11:00
README.platform nite that recent OSX tun/tap is unsupported 2024-01-08 16:26:37 +11:00
README.privsep Privsep is now required. 2019-09-19 15:41:23 +10:00
README.tun - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 2006-03-31 23:10:51 +11:00
readpass.c Create replacement paths.h if needed. 2025-09-05 17:24:50 +10:00
rijndael.c upstream commit 2015-03-23 17:08:12 +11:00
rijndael.h upstream: Make prototype for rijndaelEncrypt match function 2021-09-29 11:09:27 +10:00
sandbox-capsicum.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
sandbox-darwin.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
sandbox-null.c upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
sandbox-rlimit.c upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
sandbox-seccomp-filter.c seccomp sandbox: allow uname(3) 2025-11-13 22:08:54 +11:00
sandbox-solaris.c upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
scp.1 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
scp.c upstream: correctly quote filenames in verbose output for local->local 2025-12-03 17:30:40 +11:00
SECURITY.md basic SECURITY.md (refers people to the website) 2021-11-03 12:08:21 +11:00
servconf.c upstream: convert PerSourcePenalties to using floating point time, 2025-12-05 19:19:34 +11:00
servconf.h upstream: convert PerSourcePenalties to using floating point time, 2025-12-05 19:19:34 +11:00
serverloop.c upstream: Activate UnusedConnectionTimeout only after last channel 2025-10-30 14:20:53 +11:00
serverloop.h upstream commit 2017-09-12 17:37:02 +10:00
session.c upstream: Export XDG_RUNTIME_DIR to child ssh sessions 2025-11-18 11:29:55 +11:00
session.h upstream: Add channel_force_close() 2023-01-06 16:21:39 +11:00
sftp-client.c upstream: during sftp uploads, avoid a condition where a failed write 2025-09-30 10:19:15 +10:00
sftp-client.h upstream: fix leaks of struct sftp_conn in scp; ok dtucker@ 2025-09-15 16:13:25 +10:00
sftp-common.c Create replacement util.h if needed. 2025-09-05 17:27:43 +10:00
sftp-common.h upstream: extend sftp-common.c:extend ls_file() to support supplied 2022-09-19 20:49:13 +10:00
sftp-glob.c Create replacement sys/stat.h if needed. 2025-09-05 17:50:18 +10:00
sftp-realpath.c upstream: sys/param.h is not needed for any visible reason 2021-09-03 14:20:22 +10:00
sftp-server-main.c Remove seed_rng calls from scp, sftp, sftp-server. 2022-07-27 16:22:30 +10:00
sftp-server.8 upstream: standardise the grammar in the options list; issue 2021-08-03 09:39:57 +10:00
sftp-server.c Create replacement sys/time.h if needed. 2025-09-05 17:48:22 +10:00
sftp-usergroup.c upstream: the sftp code was one of my first contributions to 2023-09-08 15:59:08 +10:00
sftp-usergroup.h upstream: use users-groups-by-id@openssh.com sftp-server extension 2022-09-19 20:51:14 +10:00
sftp.1 upstream: sync -o option lists with ssh.1; requested jmc@ 2024-12-07 21:16:00 +11:00
sftp.c upstream: similar to scp, fix implicit destination path selection 2025-10-13 11:57:00 +11:00
sftp.h - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 2008-06-13 10:22:54 +10:00
sk-api.h Fill in missing system header files. 2025-09-05 17:06:14 +10:00
sk-usbhid.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
smult_curve25519_ref.c - markus@cvs.openbsd.org 2013/11/02 21:59:15 2013-11-04 08:26:52 +11:00
sntrup761.c upstream: use 64 bit math to avoid signed underflow. upstream code 2024-09-16 15:37:51 +10:00
sntrup761.sh upstream: use 64 bit math to avoid signed underflow. upstream code 2024-09-16 15:37:51 +10:00
srclimit.c upstream: convert PerSourcePenalties to using floating point time, 2025-12-05 19:19:34 +11:00
srclimit.h upstream: Add a "refuseconnection" penalty class to sshd_config 2024-09-15 11:23:10 +10:00
ssh-add.1 upstream: When adding certificates to an agent, set the expiry to 2025-09-11 12:58:09 +10:00
ssh-add.c upstream: When loading FIDO2 resident keys, set the comment to the 2025-11-25 10:44:07 +11:00
ssh-agent.1 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
ssh-agent.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
ssh-ecdsa-sk.c Fix compilation with DEBUG_SK enabled 2024-12-02 20:41:28 +11:00
ssh-ecdsa.c upstream: Help OpenSSH's PKCS#11 support kick its meth habit. 2025-07-25 09:23:16 +10:00
ssh-ed25519-sk.c upstream: refactor sshkey_private_deserialize 2022-10-28 12:47:01 +11:00
ssh-ed25519.c upstream: factor out encoding of a raw ed25519 signature into its 2025-07-25 09:23:17 +10:00
ssh-gss.h upstream: remove prototypes with no matching function; ok djm@ 2024-05-22 14:21:13 +10:00
ssh-keygen.1 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
ssh-keygen.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
ssh-keyscan.1 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
ssh-keyscan.c Resync header order with upstream. 2025-09-05 20:39:16 +10:00
ssh-keysign.8 upstream: disable the DSA signature algorithm by default; ok 2024-06-17 18:48:29 +10:00
ssh-keysign.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
ssh-pkcs11-client.c upstream: cleanup file descriptors across PKCS#11 client/helper 2025-11-07 15:13:11 +11:00
ssh-pkcs11-helper.8 upstream: mention that the helpers are used by ssh(1), ssh-agent(1) 2022-04-29 13:26:24 +10:00
ssh-pkcs11-helper.c upstream: cleanup file descriptors across PKCS#11 client/helper 2025-11-07 15:13:11 +11:00
ssh-pkcs11.c upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors 2025-11-25 10:44:06 +11:00
ssh-pkcs11.h upstream: mention this is for both ssh-pkcs11.c and 2025-10-16 11:03:08 +11:00
ssh-rsa.c upstream: include openssl/bn.h explicitly in files where we use BN_* 2025-10-03 10:12:15 +10:00
ssh-sandbox.h upstream: Split per-connection sshd-session binary 2024-10-14 14:01:37 +11:00
ssh-sk-client.c upstream: Fix cases where error codes were not correctly set 2025-02-18 19:03:28 +11:00
ssh-sk-helper.8 upstream: mention that the helpers are used by ssh(1), ssh-agent(1) 2022-04-29 13:26:24 +10:00
ssh-sk-helper.c upstream: Help OpenSSH's PKCS#11 support kick its meth habit. 2025-07-25 09:23:16 +10:00
ssh-sk.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
ssh-sk.h upstream: When downloading resident keys from a FIDO token, pass 2021-10-28 13:56:59 +11:00
ssh.1 upstream: Add an ssh -Oconninfo command 2025-12-05 18:05:44 +11:00
ssh.c upstream: Add an ssh -Oconninfo command 2025-12-05 18:05:44 +11:00
ssh.h upstream: remove some unused defines; ok djm@ 2024-09-27 10:01:11 +10:00
ssh2.h upstream: Reserve a range of "local extension" message numbers that 2023-10-10 14:58:55 +11:00
ssh_api.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
ssh_api.h upstream: lots of typos in comments/docs. Patch from Karsten Weiss 2018-04-10 10:17:15 +10:00
ssh_config upstream: finally remove DSA signature support from OpenSSH. 2025-05-07 14:20:14 +10:00
ssh_config.5 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
sshbuf-getput-basic.c upstream: add a sshbuf_get_nulterminated_string() function to pull a 2025-11-21 12:56:27 +11:00
sshbuf-getput-crypto.c fix merge botch that broke !OPENSSL_HAS_ECC 2024-08-15 23:35:54 +10:00
sshbuf-io.c upstream: tidy headers; some junk snuck into sshbuf-misc.c and 2020-01-26 10:34:50 +11:00
sshbuf-misc.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
sshbuf.c upstream: Reorder calloc arguments 2024-08-15 11:01:50 +10:00
sshbuf.h upstream: add a sshbuf_get_nulterminated_string() function to pull a 2025-11-21 12:56:27 +11:00
sshconnect.c upstream: consistently use NULL for null pointer constants found 2025-09-25 17:01:40 +10:00
sshconnect.h upstream: Allow %-token and environment variable expansion in User, 2025-03-02 22:06:30 +11:00
sshconnect2.c upstream: memleak of keys not used for authentication; ok 2025-09-15 16:13:24 +10:00
sshd-auth.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
sshd-debug.sh upstream: spelling; ok djm@ 2024-12-05 01:28:54 +11:00
sshd-session.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
sshd.8 upstream: typos: a ssh* -> an ssh* 2025-10-06 12:18:28 +11:00
sshd.c upstream: Remove calls to OpenSSL_add_all_algorithms() 2025-11-13 22:08:28 +11:00
sshd_config upstream: Improve description of KbdInteractiveAuthentication. 2024-12-04 01:55:30 +11:00
sshd_config.5 upstream: move mention of default MaxStartups (which uses the 2025-11-25 12:15:02 +11:00
ssherr.c upstream: improve the error message for u2f enrollment errors by 2020-01-26 10:18:42 +11:00
ssherr.h upstream: improve the error message for u2f enrollment errors by 2020-01-26 10:18:42 +11:00
sshkey.c upstream: Support writing ED25519 keys in PKCS8 format. GHPR570 from 2025-11-25 12:12:00 +11:00
sshkey.h upstream: remove experimental support for XMSS keys; 2025-08-29 13:58:40 +10:00
sshlogin.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
sshlogin.h - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 2013-08-01 14:34:16 +10:00
sshpty.c Resync header order with upstream. 2025-09-05 20:37:04 +10:00
sshpty.h upstream commit 2016-11-29 16:51:27 +11:00
sshsig.c upstream: consistently use NULL for null pointer constants found 2025-09-25 17:01:40 +10:00
sshsig.h upstream: Add ssh-keygen -Y match-principals operation to perform 2021-11-27 18:22:41 +11:00
sshtty.c - djm@cvs.openbsd.org 2010/01/09 05:04:24 2010-01-09 22:26:23 +11:00
survey.sh.in - (dtucker) [config.sh.in] Collect oslevel -r too. 2005-02-15 21:26:32 +11:00
TODO upstream: finally remove DSA signature support from OpenSSH. 2025-05-07 14:20:14 +10:00
ttymodes.c upstream: remove global variable used to stash compat flags and use the 2021-01-27 20:28:25 +11:00
ttymodes.h upstream commit 2017-05-01 10:05:04 +10:00
uidswap.c replace remaining manual logging of __func__ 2025-09-02 19:30:07 +10:00
uidswap.h upstream: Remove support for running ssh(1) setuid and fatal if 2018-07-19 21:41:42 +10:00
umac.c upstream: Tabs->spaces. Removes diff vs portable. 2025-09-11 12:56:40 +10:00
umac.h upstream: spelling ok dtucker@ 2022-01-01 15:19:48 +11:00
umac128.c upstream commit 2018-02-09 20:00:18 +11:00
utf8.c upstream: expose vasnmprintf(); ok (as part of other commit) markus 2020-05-01 16:40:11 +10:00
utf8.h upstream: highly polished whitespace, mostly fixing spaces-for-tab 2021-04-03 17:23:02 +11:00
version.h upstream: openssh-10.2 2025-10-09 10:07:05 +11:00
xmalloc.c Fill in missing system header files. 2025-09-05 17:06:14 +10:00
xmalloc.h upstream: highly polished whitespace, mostly fixing spaces-for-tab 2021-04-03 17:23:02 +11:00

README.md

Portable OpenSSH

C/C++ CI VM CI CIFuzz Fuzzing Status Coverity Status

OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ssh and server sshd, file transfer utilities scp and sftp as well as tools for key generation (ssh-keygen), run-time key storage (ssh-agent) and a number of supporting programs.

This is a port of OpenBSD's OpenSSH to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).

Documentation

The official documentation for OpenSSH are the man pages for each tool:

Stable Releases

Stable release tarballs are available from a number of download mirrors. We recommend the use of a stable release for most users. Please read the release notes for details of recent changes and potential incompatibilities.

Building Portable OpenSSH

Dependencies

Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers.

libcrypto from either LibreSSL or OpenSSL may also be used. OpenSSH may be built without either of these, but the resulting binaries will have only a subset of the cryptographic algorithms normally available.

zlib is optional; without it transport compression is not supported.

FIDO security token support needs libfido2 and its dependencies and will be enabled automatically if they are found.

In addition, certain platforms and build-time options may require additional dependencies; see README.platform for details about your platform.

Building a release

Release tarballs and release branches in git include a pre-built copy of the configure script and may be built using:

tar zxvf openssh-X.YpZ.tar.gz
cd openssh
./configure # [options]
make && make tests

See the Build-time Customisation section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.

Building from git

If building from the git master branch, you'll need autoconf installed to build the configure script. The following commands will check out and build portable OpenSSH from git:

git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git
cd openssh-portable
autoreconf
./configure
make && make tests

Build-time Customisation

There are many build-time customisation options available. All Autoconf destination path flags (e.g. --prefix) are supported (and are usually required if you want to install OpenSSH).

For a full list of available flags, run ./configure --help but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed.

Flag Meaning
--with-pam Enable PAM support. OpenPAM, Linux PAM and Solaris PAM are supported.
--with-libedit Enable libedit support for sftp.
--with-kerberos5 Enable Kerberos/GSSAPI support. Both Heimdal and MIT Kerberos implementations are supported.
--with-selinux Enable SELinux support.

Development

Portable OpenSSH development is discussed on the openssh-unix-dev mailing list (archive mirror). Bugs and feature requests are tracked on our Bugzilla.

Reporting bugs

Non-security bugs may be reported to the developers via Bugzilla or via the mailing list above. Security bugs should be reported to openssh@openssh.com.