Secure Shell Client and Server (Remote Login Program)

Edit Package openssh

SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.

xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.

Refresh
Refresh
Source Files
Filename Size Changed
README.FIPS 0000003276 3.2 KB
README.SUSE 0000000690 690 Bytes
README.kerberos 0000000528 528 Bytes
_multibuild 0000000070 70 Bytes
cavs_driver-ssh.pl 0000005408 5.28 KB
fix-missing-lz.patch 0000001556 1.52 KB
logind_set_tty.patch 0000005350 5.22 KB
openssh-6.6.1p1-selinux-contexts.patch 0000003177 3.1 KB
openssh-6.6p1-keycat.patch 0000013925 13.6 KB
openssh-6.6p1-privsep-selinux.patch 0000003826 3.74 KB
openssh-7.6p1-cleanup-selinux.patch 0000009830 9.6 KB
openssh-7.7p1-IPv6_X_forwarding.patch 0000001228 1.2 KB
openssh-7.7p1-X11_trusted_forwarding.patch 0000001739 1.7 KB
openssh-7.7p1-X_forward_with_disabled_ipv6.patch 0000000829 829 Bytes
openssh-7.7p1-cavstest-ctr.patch 0000007984 7.8 KB
openssh-7.7p1-cavstest-kdf.patch 0000014404 14.1 KB
openssh-7.7p1-disable_openssl_abi_check.patch 0000001544 1.51 KB
openssh-7.7p1-eal3.patch 0000000845 845 Bytes
openssh-7.7p1-enable_PAM_by_default.patch 0000000681 681 Bytes
openssh-7.7p1-fips.patch 0000023843 23.3 KB
openssh-7.7p1-fips_checks.patch 0000011792 11.5 KB
openssh-7.7p1-host_ident.patch 0000000774 774 Bytes
openssh-7.7p1-hostname_changes_when_forwarding_X.patch 0000002583 2.52 KB
openssh-7.7p1-ldap.patch 0000086791 84.8 KB
openssh-7.7p1-no_fork-no_pid_file.patch 0000000644 644 Bytes
openssh-7.7p1-pam_check_locks.patch 0000004862 4.75 KB
openssh-7.7p1-pts_names_formatting.patch 0000001043 1.02 KB
openssh-7.7p1-remove_xauth_cookies_on_exit.patch 0000001294 1.26 KB
openssh-7.7p1-seccomp_ipc_flock.patch 0000001462 1.43 KB
openssh-7.7p1-seccomp_stat.patch 0000000610 610 Bytes
openssh-7.7p1-send_locale.patch 0000001404 1.37 KB
openssh-7.7p1-sftp_force_permissions.patch 0000004188 4.09 KB
openssh-7.7p1-sftp_print_diagnostic_messages.patch 0000001780 1.74 KB
openssh-7.7p1-systemd-notify.patch 0000002595 2.53 KB
openssh-7.8p1-role-mls.patch 0000026109 25.5 KB
openssh-7.9p1-keygen-preserve-perms.patch 0000001304 1.27 KB
openssh-7.9p1-revert-new-qos-defaults.patch 0000002921 2.85 KB
openssh-8.0p1-gssapi-keyex.patch 0000125660 123 KB
openssh-8.1p1-audit.patch 0000074299 72.6 KB
openssh-8.1p1-ed25519-use-openssl-rng.patch 0000001715 1.67 KB
openssh-8.1p1-seccomp-clock_gettime64.patch 0000000844 844 Bytes
openssh-8.1p1-seccomp-clock_nanosleep.patch 0000000472 472 Bytes
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch 0000000837 837 Bytes
openssh-8.1p1-use-openssl-kdf.patch 0000003878 3.79 KB
openssh-8.4p1-pam_motd.patch 0000000397 397 Bytes
openssh-8.4p1-ssh_config_d.patch 0000001485 1.45 KB
openssh-8.4p1-vendordir.patch 0000007137 6.97 KB
openssh-9.6p1.tar.gz 0001857862 1.77 MB
openssh-9.6p1.tar.gz.asc 0000000833 833 Bytes
openssh-askpass-gnome.changes 0000012468 12.2 KB
openssh-askpass-gnome.spec 0000002142 2.09 KB
openssh-do-not-send-empty-message.patch 0000000685 685 Bytes
openssh-fips-ensure-approved-moduli.patch 0000001788 1.75 KB
openssh-openssl-3.patch 0000003698 3.61 KB
openssh-reenable-dh-group14-sha1-default.patch 0000001524 1.49 KB
openssh-whitelist-syscalls.patch 0000000927 927 Bytes
openssh.changes 0000274348 268 KB
openssh.keyring 0000022720 22.2 KB
openssh.spec 0000020820 20.3 KB
ssh-askpass 0000000479 479 Bytes
ssh.reg 0000000500 500 Bytes
sshd-gen-keys-start 0000000225 225 Bytes
sshd-sle.pamd 0000000373 373 Bytes
sshd.fw 0000000135 135 Bytes
sshd.pamd 0000000538 538 Bytes
sshd.service 0000000394 394 Bytes
sysconfig.ssh 0000000221 221 Bytes
sysusers-sshd.conf 0000000064 64 Bytes
wtmpdb.patch 0000005130 5.01 KB
Latest Revision
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1150501 from Hans Petter Jansson's avatar Hans Petter Jansson (hpjansson) (revision 170)
- Update to openssh 9.6p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.6p1:
  = Security
  * ssh(1), sshd(8): implement protocol extensions to thwart the
    so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
    Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
    limited break of the integrity of the early encrypted SSH transport
    protocol by sending extra messages prior to the commencement of
    encryption, and deleting an equal number of consecutive messages
    immediately after encryption starts. A peer SSH client/server
    would not be able to detect that messages were deleted.
  * ssh-agent(1): when adding PKCS#11-hosted private keys while
    specifying destination constraints, if the PKCS#11 token returned
    multiple keys then only the first key had the constraints applied.
    Use of regular private keys, FIDO tokens and unconstrained keys
    are unaffected.
  * ssh(1): if an invalid user or hostname that contained shell
    metacharacters was passed to ssh(1), and a ProxyCommand,
    LocalCommand directive or "match exec" predicate referenced the
    user or hostname via %u, %h or similar expansion token, then
    an attacker who could supply arbitrary user/hostnames to ssh(1)
    could potentially perform command injection depending on what
    quoting was present in the user-supplied ssh_config(5) directive.
  = Potentially incompatible changes
  * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
    a TCP-like window mechanism that limits the amount of data that
    can be sent without acceptance from the peer. In cases where this (forwarded request 1150500 from hpjansson)
Comments 4

Meinhard R's avatar

Is it possible to upgrade to a more recent version, please?


Sami Vento's avatar

openSSH-7.8 is available



André Werlang's avatar

Hello, is it possible to adhere to the new guidance regarding systemd ( https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Requirements )? That is, dropping %{?systemd_requires} and using %{?systemd_ordering} instead. This is interesting for containers, git-core requires openssh which in turn requires systemd which requires many other things. Thanks in advance.

openSUSE Build Service is sponsored by