Gentoo Packages

Search

Install

Install this package:

emerge -a net-misc/openssh-contrib

If the package is masked, you can unmask it using the autounmask tool or standard emerge options:

autounmask net-misc/openssh-contrib

Or alternatively:

emerge --autounmask-write -a net-misc/openssh-contrib

Package Information

Description:: OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. This package represents an effort to extend upstream OpenSSH with three big patchsets. WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have correctness issues. The patches are: * HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive buffering and/or multithreading, leading to better network throughput. Many of these optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or because more CPU performant ciphers are being used in this day and age (ChaCha20). WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon. * SCTP patches by Patrick McLean. These enable SSH over SCTP. * X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for authenticating users. This patch series adds support for X509 certificates.
Homepage:: https://www.openssh.com/
License:: BSD GPL-2

Versions

Version	EAPI	Keywords	Slot
9.7_p1-r4	8	~amd64	0

Metadata

Description

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. This package represents an effort to extend upstream OpenSSH with three big patchsets. WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have correctness issues. The patches are: * HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive buffering and/or multithreading, leading to better network throughput. Many of these optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or because more CPU performant ciphers are being used in this day and age (ChaCha20). WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon. * SCTP patches by Patrick McLean. These enable SSH over SCTP. * X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for authenticating users. This patch series adds support for X509 certificates.

Maintainers

Patrick McLean (chutzpah@gentoo.org) - Type: person
Robin H. Johnson (robbat2@gentoo.org) - Type: person

Upstream

Remote IDs:
- cpe: cpe:/a:openbsd:openssh
- github: openssh/openssh-portable
- sourceforge: hpnssh

Raw Metadata XML

<pkgmetadata>
	<maintainer type="person">
		<email>chutzpah@gentoo.org</email>
		<name>Patrick McLean</name>
	</maintainer>
	<maintainer type="person">
		<email>robbat2@gentoo.org</email>
		<name>Robin H. Johnson</name>
	</maintainer>
	<longdescription>
		OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
		increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
		rlogin, ftp, and other such programs might not realize that their password is transmitted
		across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
		to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
		Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
		of authentication methods.

		The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
		replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
		the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
		ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.

		This package represents an effort to extend upstream OpenSSH with three big patchsets.

		WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have
		correctness issues.

		The patches are:

		* HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive
		buffering and/or multithreading, leading to better network throughput. Many of these
		optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or
		because more CPU performant ciphers are being used in this day and age (ChaCha20).

		WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon.

		* SCTP patches by Patrick McLean. These enable SSH over SCTP.

		* X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for
		authenticating users. This patch series adds support for X509 certificates.
	</longdescription>
	<use>
		<flag name="hpn">Enable high performance ssh</flag>
		<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
		<flag name="livecd">Enable root password logins for live-cd environment.</flag>
		<flag name="security-key">Include builtin U2F/FIDO support</flag>
		<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
		<flag name="X509">Adds support for X.509 certificate authentication</flag>
		<flag name="xmss">Enable XMSS post-quantum authentication algorithm</flag>
	</use>
	<upstream>
		<remote-id type="cpe">cpe:/a:openbsd:openssh</remote-id>
		<remote-id type="github">openssh/openssh-portable</remote-id>
		<remote-id type="sourceforge">hpnssh</remote-id>
	</upstream>
</pkgmetadata>

Lint Warnings

[Warning] USE flag 'abi_mips_n32' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'audit' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'debug' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'kerberos' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'libedit' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'pam' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'pie' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'selinux' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'static' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'test' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Warning] USE flag 'X' in ebuild 9.7_p1-r4 is not documented in metadata.xml
[Error] Missing md5-cache for ebuild openssh-contrib-9.7_p1-r4

USE Flags

Manage flags for this package: euse -i <flag> -p net-misc/openssh-contrib | euse -E <flag> -p net-misc/openssh-contrib | euse -D <flag> -p net-misc/openssh-contrib

Flag	Description	9.7_p1-r4
X	Add support for X11	✓
X509	Adds support for X.509 certificate authentication	✓
abi_mips_n32	64-bit (32-bit pointer) libraries	✓
audit	Enable support for Linux audit subsystem using sys-process/audit	✓
debug	Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces	✓
hpn	Enable high performance ssh	✓
kerberos	Add kerberos support	✓
ldns	Use LDNS for DNSSEC/SSHFP validation.	✓
libedit	Use the libedit library (replacement for readline)	✓
livecd	Enable root password logins for live-cd environment.	✓
pam	Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip	✓
pie	Build programs as Position Independent Executables (a security hardening technique)	⊕
security-key	Include builtin U2F/FIDO support	✓
selinux	!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur	✓
ssl	Enable additional crypto algorithms via OpenSSL	⊕
static	!!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically	✓
test	Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)	✓
xmss	Enable XMSS post-quantum authentication algorithm	✓

Files

openssh-9.0_p1-X509-uninitialized-delay.patch
openssh-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch
openssh-9.6_p1-CVE-2024-6387.patch
openssh-9.6_p1-chaff-logic.patch
openssh-9.6_p1-fix-xmss-c99.patch
openssh-9.6_p1-hpn-version.patch
openssh-9.7_p1-X509-CVE-2024-6387.patch
openssh-9.7_p1-config-tweaks.patch
sshd-r1.confd
sshd-r1.initd
sshd.pam_include.2
sshd.service.1
sshd.socket
sshd_at.service.1

Manifest

Type	File	Size	Versions

Unmatched Entries

Type	File	Size
DIST	openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff	51428 bytes
DIST	openssh-8_5_P1-hpn-PeakTput-15.2.diff	2429 bytes
DIST	openssh-9.6_p1-hpn-15.2-glue.patch.xz	5028 bytes
DIST	openssh-9.7_p1-X509-glue-15.0.patch.xz	1532 bytes
DIST	openssh-9.7_p1-hpn-15.2-X509-15.0-glue.patch.xz	5472 bytes
DIST	openssh-9.7p1+x509-15.0.diff.gz	1239003 bytes
DIST	openssh-9.7p1.tar.gz	1848766 bytes
DIST	openssh-9.7p1.tar.gz.asc	833 bytes

net-misc/openssh-contrib (gentoo)