{"bugs":[{"bugid":830623,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"UNCONFIRMED","summary":"net-misc\/openssh-contrib fails with SecureCRT 9 when HPN is enabled"},{"bugid":907880,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"CONFIRMED","summary":"net-misc\/openssh-contrib-9.7_p1-r4 has implicit function declarations in configure logs (MUSL-SYSTEM)"},{"bugid":911264,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"CONFIRMED","summary":"net-misc\/openssh-contrib-9.3_p2 fails test - cmp: ...\/copy: No such file or directory"},{"bugid":932142,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"CONFIRMED","summary":"net-misc\/openssh-contrib-9.7_p1-r1 - configure: error: No usable libfido2 library\/headers found"},{"bugid":934654,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"CONFIRMED","summary":"net-misc\/openssh-contrib-9.7_p1-r3 - [perl-5.40] [meson-9999] [icu-75.1] xmss_hash.c: error: implicit declaration of function SHA256 [-Wimplicit-function-declaration]"},{"bugid":935408,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"UNCONFIRMED","summary":"net-misc\/openssh-contrib-9.7_p1-r4 does not install ssh_revoked_keys config file"},{"bugid":946852,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"UNCONFIRMED","summary":"net-misc\/openssh-9.9_p1[-ssl], net-misc\/openssh-contrib-9.7_p1-r4[-ssl] installs broken config file"},{"bugid":951365,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"CONFIRMED","summary":"net-misc\/openssh-contrib-9.7_p1-r4 - [go-1.24] [gcc-15] checking OpenSSL library version... configure: error: Unknown\/unsupported OpenSSL version (30400010 (OpenSSL 3.4.1"}],"categories":[{"categoryid":1490,"name":"acct-group","summary":"The acct-group category contains packages for system groups."},{"categoryid":1491,"name":"acct-user","summary":"The acct-user category contains packages for system users."},{"categoryid":312,"name":"app-crypt","summary":"The app-crypt category contains cryptographic (encryption, decryption, steganography and signing) software."},{"categoryid":393,"name":"dev-libs","summary":"The dev-libs category contains various miscellaneous programming libraries."},{"categoryid":320,"name":"net-libs","summary":"The net-libs category contains libraries that are network-related."},{"categoryid":451,"name":"net-misc","summary":"The net-misc category contains various miscellaneous networking tools and utilities."},{"categoryid":343,"name":"sys-apps","summary":"The sys-apps category contains various core system applications, and some non-core system applications which have not yet been moved out into other sys- categories."},{"categoryid":447,"name":"sys-auth","summary":"The sys-auth category contains applications and libraries to support authentication and authorization facilities. Here belongs PAM modules, NSS modules and login apps."},{"categoryid":363,"name":"sys-kernel","summary":"The sys-kernel category contains kernel source ebuilds and kernel-related tools."},{"categoryid":381,"name":"sys-libs","summary":"The sys-libs category contains various system-level libraries."},{"categoryid":325,"name":"sys-process","summary":"The sys-process category contains packages which query or manipulate processes. The 'cron' daemons are included in this."},{"categoryid":396,"name":"virtual","summary":"The virtual category contains packages which satisfy virtual dependencies."}],"changelog":[{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"5a1adb610b1d91ab6683cbe671e266f424224c16","committime":"2025-11-04T08:35:48","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Update done using:\n\n```\ngit grep -l sys-libs\/zlib net-* | xargs sed -i -e s@sys-libs\/zlib@virtual\/zlib@g\ngit diff --name-only | xargs copybump\ngit diff --name-only | xargs grep -l PYTHON_COMPAT | xargs gpy-impl -@dead\npkgcheck scan --commits -c SourcingCheck,VisibilityCheck --exit error\n```\n\nFollowed by revert in net-misc\/turbovnc.\n\nSigned-off-by: Michał Górny ","commitid":"9e2a2f1a08f1368e1842b3b8f2d4e190bddee73c","committime":"2025-11-04T08:12:25","packageid":76137,"repoid":1,"summary":"net-*\/*: update for virtual\/zlib"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"0b802db90b15dce624bee56b7ba647a352c7f9ac","committime":"2025-02-22T09:49:41","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"ulm@gentoo.org","authorname":"Ulrich Müller","body":"Signed-off-by: Ulrich Müller ","commitid":"8fcd1c8782510056ce32080039010e64d60f8e25","committime":"2025-02-14T14:11:48","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: Port to ver_replacing"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"853bd19e3a45a6fea4ee380ed6243e2018ce75bf","committime":"2024-07-02T17:18:54","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"0e051250054fd1c88557a958d97820ff6c0687ef","committime":"2024-07-02T17:06:46","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: drop 9.6_p1, 9.7_p1-r1"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Bug: https:\/\/bugs.gentoo.org\/935271\nSigned-off-by: Patrick McLean ","commitid":"615ab9d0a7ea42e3fa992a2f728c45019f8706c2","committime":"2024-07-02T17:02:29","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: Revbump, add fix for CVE-2024-6387"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"079f05224043f3829c3844c4e0541a9ee1d104d2","committime":"2024-06-12T09:48:57","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"OpenSSH itself automatically adjusts the paths in sshd_config but not in our\ndrop-ins, so I missed this. Sorry!\n\nSigned-off-by: James Le Cuirot ","commitid":"6f42017f1c4cb1ff42618a097f87fceffbdf1ad3","committime":"2024-06-12T09:36:25","packageid":76137,"repoid":1,"summary":"net-misc\/openssh*: Fix sftp-server path in config drop-in"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"eae1f2604bdf4313d69506acb786af37cd030df4","committime":"2024-06-10T16:48:55","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"- Put the Include option before options that introduce conditional\n blocks to avoid having the drop-in files to be included\n conditionally. For client configs the options that introduce such\n blocks are Match and Host options, for daemon configs it is the\n Match option.\n\n- Move the Subsystem option out of the top-level daemon config into a\n separate drop-in. That way we can add the drop-in into INSTALL_MASK\n if we want to provide custom drop-in with a different settings for\n subsystems. This is necessary as there is no way to override a\n once-specified subsystem - doing so results in daemon printing an\n error and quitting.\n\nCloses: https:\/\/bugs.gentoo.org\/907068\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/31615\nSigned-off-by: James Le Cuirot ","commitid":"839c2c622c0a175ecbbfab904c6066708a4d48c5","committime":"2024-06-10T16:35:58","packageid":76137,"repoid":1,"summary":"net-misc\/openssh*: Use patch to fix Include and move Subsystem config"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"e817756739654c06c8a96e8fb68a3da1ba3af055","committime":"2024-04-30T18:48:55","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"watermanpaint@posteo.net","authorname":"Lucio Sauer","body":"bump copyright of touched ebuilds to 2024\n\nSigned-off-by: Lucio Sauer \nSigned-off-by: Michał Górny ","commitid":"794061a3298b5716db015defa7b3e2c583b73980","committime":"2024-04-12T10:47:52","packageid":76137,"repoid":1,"summary":"*\/*: inline mirror:\/\/sourceforge"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"42633f627c7fcaed0c59149bbd4ad1441868c052","committime":"2024-03-25T21:34:42","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"4e55535c1e0c49190c257e359a8e3c0c94f18fa4","committime":"2024-03-25T21:29:19","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: Revbump, sync with openssh, remove old"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"be06281879d1401956d9fc2bf5ee0390a31e54ed","committime":"2024-03-21T22:52:25","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"78b678bf06efe43d591f3766b4e59ffb1400a864","committime":"2024-03-21T22:36:43","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: add 9.7_p1"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"0731f9f95c20da815521c3b29a1bbdcc397ade72","committime":"2024-02-07T00:33:20","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"35dcf6991efbdb3b23eb97f0580c9d942a173da5","committime":"2024-02-07T00:21:23","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: drop 9.3_p1, 9.3_p2, 9.4_p1-r1"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"1dced2a968c2d6c0011604dce4366129ffe4b816","committime":"2024-02-07T00:20:53","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: add 9.6_p1"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d385f1a98c096585ae569e73f1e1240162cc0791","committime":"2024-01-15T16:18:21","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny ","commitid":"1ee062ba1d57ad391adee1c135dcf474dc30d6b4","committime":"2024-01-14T20:19:46","packageid":76137,"repoid":1,"summary":"Move {sys-devel → dev-build}\/autoconf"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"407072b35bf389685ef40fc732f846aaafe930a7","committime":"2023-10-31T20:08:09","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"floppym@gentoo.org","authorname":"Mike Gilbert","body":"Signed-off-by: Mike Gilbert ","commitid":"78213a89b4a602460bf81ba5fab8eed561091ade","committime":"2023-10-31T18:12:52","packageid":76137,"repoid":1,"summary":"Remove BROOT from VERIFY_SIG_OPENPGP_KEY_PATH"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"6adbc4eb32146a86a1208446f2340491cc2c6aff","committime":"2023-10-05T22:36:43","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"6b990a1a411e82ed1c6b818f71a4f104324fade2","committime":"2023-10-05T22:16:45","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: add 9.5_p1"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"fdd4534dcb418fac65300365f061490989af0246","committime":"2023-08-21T19:01:39","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Closes: https:\/\/bugs.gentoo.org\/912767\nSigned-off-by: Patrick McLean ","commitid":"41785a11e327124c8dee9ea3693bb119a2b9fc9b","committime":"2023-08-21T18:50:49","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: Add patch for zlib-1.3 (bug #912767)"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Bug: https:\/\/bugs.gentoo.org\/912767\nSigned-off-by: Patrick McLean ","commitid":"4d8d554dc36be80ca3807e35667af8611446b54f","committime":"2023-08-21T18:49:05","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: Revbump, X509 14.2.1, zlib patch (bug #912767)"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"98d707baf9f4a5bd342b75f1a2e7e790205574dd","committime":"2023-08-14T19:03:41","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"509df9d6d6582a4927cfe0c7ec08972a43b79e64","committime":"2023-08-14T18:55:19","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: add 9.4_p1"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"65bc4f8fc9e670d41bc8854e111d38b68d9d39c0","committime":"2023-07-24T22:46:38","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"485789457e7dc78a60bc5a6a771f996cc500062d","committime":"2023-07-24T22:39:35","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: unkeyword 9.3_p1 for ~amd64"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"bc915cbb4d29250421dd988c9a809d22ecf7897d","committime":"2023-07-24T22:31:40","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean ","commitid":"71b6527ea4d7d180f63e3f7aa4567206bef9d3a4","committime":"2023-07-24T22:15:10","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: add 9.3_p2"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"b5a60f8cd53ddc467d53e4750fa0110dca52bceb","committime":"2023-06-26T15:16:55","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Support is already gone.\n\nCloses: https:\/\/bugs.gentoo.org\/909191\nSigned-off-by: Sam James ","commitid":"acde9b9d754c567a61650e840b626bf32557251c","committime":"2023-06-26T15:13:47","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: drop libc_Cygwin cruft"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"f6be0e0ce9e975c3556c8967df5dbf831ce2f6ca","committime":"2023-05-11T20:16:55","packageid":76137,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James ","commitid":"d7341c7a0438bde8a99f6a02cc0daf85590a9e78","committime":"2023-05-09T21:26:24","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: tweak config file names"},{"authoremail":"soap@gentoo.org","authorname":"David Seifert","body":"This package will include the three big third-party patch series for\nHPN\/SCTP\/X509 functionality in OpenSSH. Historically, these patches\nhave caused numerous issues for users in the OpenSSH package and they\nare of questionable quality. By maintaining these patches in a\nseparate package, we can minimize the effect of them on the garden\npath, which should be to provide our users with a minimally patched\nOpenSSH experience. Furthermore, since vanilla OpenSSH package will\nnot require a large chunk of rebasing for these patches, we can more\neasily bump OpenSSH for new releases.\n\nSigned-off-by: David Seifert \nSigned-off-by: Sam James ","commitid":"f23d1796f90a0981b4b31a97260cf97a5ed72180","committime":"2023-05-08T20:56:02","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: new package, add 9.3_p1"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"See https:\/\/github.blog\/2023-03-23-we-updated-our-rsa-ssh-host-key\/.\n\nIt's necessary for the old github.com key to be explicitly removed (or revoked)\nrather than just selecting a new key, i.e. it's possible for users to be silently\naffected but not see the error because github.com may not serve them an RSA key.\n\nRevoke the old github.com key as part of the ebuild to help users out.\n\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/30327\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/30897\nSigned-off-by: Sam James ","commitid":"a3392cb674cc568575d1dfe3c35c3fc907cb2a8f","committime":"2023-05-08T17:07:09","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: revoke github.com's compromised RSA host key"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Debian patches this into their config already and we found ourselves wanting\nit when looking at handling the github.com SSH key change\/rotation.\n\n\/etc\/ssh\/ssh_config.d and \/etc\/ssh\/sshd_config.d both become directories\nwhere users can add their own configuration files, but we also install the Gentoo\nsnippets formerly in ssh_config and sshd_config in there instead.\n\nSigned-off-by: Sam James ","commitid":"988aa8b2fcff709be8f4deb43d7f8e8667506600","committime":"2023-05-08T17:06:39","packageid":76137,"repoid":1,"summary":"net-misc\/openssh-contrib: use \/etc\/ssh\/ssh_config.d and \/etc\/ssh\/sshd_config.d for config dropinsa"}],"dependencies":[{"block":false,"categoryid":325,"description":"Userspace utilities for storing and processing auditing records","ebuildids":[831607,831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"robbat2@gentoo.org","name":"audit","packageid":42525},{"block":false,"categoryid":381,"description":"Linux-PAM (Pluggable Authentication Modules)","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"pam-bugs@gentoo.org","name":"pam","packageid":46798},{"block":false,"categoryid":393,"description":"Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)","ebuildids":[831607,831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssl","packageid":47630},{"block":false,"categoryid":381,"description":"SELinux userland library","ebuildids":[831607,831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"selinux@gentoo.org","maintainername":"SELinux Team","name":"libselinux","packageid":48679,"summary":"Libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API."},{"block":false,"categoryid":363,"description":"Linux system headers","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"toolchain@gentoo.org","maintainername":"Gentoo Toolchain Project","name":"linux-headers","packageid":52472},{"block":false,"categoryid":393,"description":"BSD replacement for libreadline","ebuildids":[831607,831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"bsd@gentoo.org","maintainername":"BSD Project","name":"libedit","packageid":53869,"summary":"GNU Readline is cool, but BSD Readline is cooler :) Thus here is libedit by the NetBSD folks! The glibc\/bsdlibc stuff comes from the debian tarball, thanks to them too :) The patch is handcrafted with a few ideas from libedit.sf.net and a few ideas from the debian package. This patch aims to be as small as possible (so as to make future cvs snapshots cake)."},{"block":false,"categoryid":320,"description":"Library that aims to simplify DNS programming in C","ebuildids":[831607,831607,831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"mschiff@gentoo.org","maintainername":"Marc Schiffbauer","name":"ldns","packageid":55577,"summary":"ldns is a library with the aim to simplify DNS programming in C. All lowlevel DNS\/DNSSEC operations are supported. We also define a higher level API which allows a programmer to (for instance) create or sign packets."},{"block":false,"categoryid":396,"description":"Virtual for Kerberos V implementation","ebuildids":[831607],"firstseen":"2011-03-13T14:41:37.560066","maintainer":"kerberos@gentoo.org","maintainername":"Kerberos","name":"krb5","packageid":57087},{"block":false,"categoryid":396,"description":"Virtual for operating system headers","ebuildids":[831607],"firstseen":"2011-04-14T14:38:49.700200","maintainer":"toolchain@gentoo.org","maintainername":"Gentoo Toolchain Project","name":"os-headers","packageid":57232},{"block":false,"categoryid":1490,"description":"System group: sshd","ebuildids":[831607],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70786},{"block":false,"categoryid":1491,"description":"User for ssh","ebuildids":[831607],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70787},{"block":false,"categoryid":396,"description":"Virtual for libcrypt.so","ebuildids":[831607,831607],"firstseen":"2020-02-06T19:43:53.689104","name":"libcrypt","packageid":70797},{"block":false,"categoryid":396,"description":"Virtual for libz.so providers","ebuildids":[831607,831607],"firstseen":"2025-11-04T07:31:41.418357","name":"zlib","packageid":78605}],"depending":[{"block":true,"categoryid":451,"description":"Port of OpenBSD's free SSH release","ebuildids":[859846,876888,876889,876890,878197,878742,891970,894230],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssh","packageid":42420,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0."},{"block":false,"categoryid":312,"description":"Simple PKCS11 provider for TPM chips","ebuildids":[787618],"firstseen":"2015-05-20T13:39:54.162317","maintainer":"perfinion@gentoo.org","name":"simple-tpm-pk11","packageid":63463},{"block":false,"categoryid":396,"description":"Virtual for net-misc\/openssh and variants","ebuildids":[787023,874724],"firstseen":"2023-05-11T21:20:47.473901","name":"openssh","packageid":76138},{"block":true,"categoryid":451,"description":"OpenSSH fork with X.509 v3 certificate support","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2025-09-05T21:38:30.040166","name":"pkixssh","packageid":78509}],"ebuilds":[{"archs":["~amd64"],"ebuildid":831607,"firstseen":"2024-07-02T18:37:18.600084","license":"BSD GPL-2","moddate":"2026-03-22T20:20:57","packageid":76137,"repoid":1,"slot":"0","uses":["X","X509","abi_mips_n32","audit","debug","hpn","kerberos","ldns","libedit","livecd","pam","pie","security-key","selinux","ssl","static","test","verify-sig","xmss"],"version":"9.7_p1-r4"}],"masks":[],"package":{"categoryid":451,"description":"Port of OpenBSD's free SSH release with HPN\/X509 patches","firstseen":"2023-05-11T21:20:47.473901","name":"openssh-contrib","packageid":76137,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. This package represents an effort to extend upstream OpenSSH with three big patchsets. WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have correctness issues. The patches are: * HPN (High performance SSH\/SCP) adds custom ciphers that allow for more aggressive buffering and\/or multithreading, leading to better network throughput. Many of these optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or because more CPU performant ciphers are being used in this day and age (ChaCha20). WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon. * SCTP patches by Patrick McLean. These enable SSH over SCTP. * X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for authenticating users. This patch series adds support for X509 certificates."},"rdependencies":[{"block":true,"categoryid":451,"description":"Port of OpenBSD's free SSH release","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssh","packageid":42420,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0."},{"block":false,"categoryid":325,"description":"Userspace utilities for storing and processing auditing records","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"robbat2@gentoo.org","name":"audit","packageid":42525},{"block":false,"categoryid":381,"description":"Linux-PAM (Pluggable Authentication Modules)","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"pam-bugs@gentoo.org","name":"pam","packageid":46798},{"block":false,"categoryid":393,"description":"Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssl","packageid":47630},{"block":false,"categoryid":381,"description":"SELinux userland library","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"selinux@gentoo.org","maintainername":"SELinux Team","name":"libselinux","packageid":48679,"summary":"Libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API."},{"block":false,"categoryid":393,"description":"BSD replacement for libreadline","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"bsd@gentoo.org","maintainername":"BSD Project","name":"libedit","packageid":53869,"summary":"GNU Readline is cool, but BSD Readline is cooler :) Thus here is libedit by the NetBSD folks! The glibc\/bsdlibc stuff comes from the debian tarball, thanks to them too :) The patch is handcrafted with a few ideas from libedit.sf.net and a few ideas from the debian package. This patch aims to be as small as possible (so as to make future cvs snapshots cake)."},{"block":false,"categoryid":343,"description":"Utilities to deal with user accounts","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"shadow","packageid":55072},{"block":false,"categoryid":447,"description":"PAM base configuration files","ebuildids":[831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"pam-bugs@gentoo.org","name":"pambase","packageid":55230},{"block":false,"categoryid":320,"description":"Library that aims to simplify DNS programming in C","ebuildids":[831607,831607],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"mschiff@gentoo.org","maintainername":"Marc Schiffbauer","name":"ldns","packageid":55577,"summary":"ldns is a library with the aim to simplify DNS programming in C. All lowlevel DNS\/DNSSEC operations are supported. We also define a higher level API which allows a programmer to (for instance) create or sign packets."},{"block":false,"categoryid":396,"description":"Virtual for Kerberos V implementation","ebuildids":[831607],"firstseen":"2011-03-13T14:41:37.560066","maintainer":"kerberos@gentoo.org","maintainername":"Kerberos","name":"krb5","packageid":57087},{"block":false,"categoryid":1490,"description":"System group: sshd","ebuildids":[831607],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70786},{"block":false,"categoryid":1491,"description":"User for ssh","ebuildids":[831607],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70787},{"block":false,"categoryid":396,"description":"Virtual for libcrypt.so","ebuildids":[831607],"firstseen":"2020-02-06T19:43:53.689104","name":"libcrypt","packageid":70797},{"block":false,"categoryid":396,"description":"Virtual for libz.so providers","ebuildids":[831607],"firstseen":"2025-11-04T07:31:41.418357","name":"zlib","packageid":78605}],"repos":[{"branch":"master","lastcommit":"1f58741385367db432e79500a838ced67b2a773d","name":"gentoo","path":"\/usr\/portage","repoid":1,"upstream":"origin"}],"tracked":false,"urls":["https:\/\/www.openssh.com\/"],"uses":[{"description":"Add support for X11","isdefault":false,"use":"X"},{"description":"Adds support for X.509 certificate authentication","isdefault":false,"packageid":76137,"use":"X509"},{"description":"Enable support for Linux audit subsystem using sys-process\/audit","isdefault":false,"use":"audit"},{"description":"Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https:\/\/wiki.gentoo.org\/wiki\/Project:Quality_Assurance\/Backtraces","isdefault":false,"use":"debug"},{"description":"Enable high performance ssh","isdefault":false,"packageid":76137,"use":"hpn"},{"description":"Add kerberos support","isdefault":false,"use":"kerberos"},{"description":"Use LDNS for DNSSEC\/SSHFP validation.","isdefault":false,"packageid":76137,"use":"ldns"},{"description":"Use the libedit library (replacement for readline)","isdefault":false,"use":"libedit"},{"description":"Enable root password logins for live-cd environment.","isdefault":false,"packageid":76137,"use":"livecd"},{"description":"Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip","isdefault":false,"use":"pam"},{"defaultflag":true,"description":"Build programs as Position Independent Executables (a security hardening technique)","isdefault":true,"use":"pie"},{"description":"Include builtin U2F\/FIDO support","isdefault":false,"packageid":76137,"use":"security-key"},{"description":"!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur","isdefault":false,"use":"selinux"},{"defaultflag":true,"description":"Enable additional crypto algorithms via OpenSSL","isdefault":true,"packageid":76137,"use":"ssl"},{"description":"!!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically","isdefault":false,"use":"static"},{"description":"Enable dependencies and\/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)","isdefault":false,"use":"test"},{"description":"Verify upstream signatures on distfiles","isdefault":false,"use":"verify-sig"},{"description":"Enable XMSS post-quantum authentication algorithm","isdefault":false,"packageid":76137,"use":"xmss"},{"description":"64-bit (32-bit pointer) libraries","group":"abi_mips","isdefault":false,"use":"n32"}]}