1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>chutzpah@gentoo.org</email>
<name>Patrick McLean</name>
</maintainer>
<maintainer type="person">
<email>robbat2@gentoo.org</email>
<name>Robin H. Johnson</name>
</maintainer>
<longdescription>
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
rlogin, ftp, and other such programs might not realize that their password is transmitted
across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
of authentication methods.
The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
This package represents an effort to extend upstream OpenSSH with three big patchsets.
WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have
correctness issues.
The patches are:
* HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive
buffering and/or multithreading, leading to better network throughput. Many of these
optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or
because more CPU performant ciphers are being used in this day and age (ChaCha20).
WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon.
* SCTP patches by Patrick McLean. These enable SSH over SCTP.
* X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for
authenticating users. This patch series adds support for X509 certificates.
</longdescription>
<use>
<flag name="hpn">Enable high performance ssh</flag>
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
<flag name="livecd">Enable root password logins for live-cd environment.</flag>
<flag name="security-key">Include builtin U2F/FIDO support</flag>
<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
<flag name="X509">Adds support for X.509 certificate authentication</flag>
<flag name="xmss">Enable XMSS post-quantum authentication algorithm</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:openbsd:openssh</remote-id>
<remote-id type="github">openssh/openssh-portable</remote-id>
<remote-id type="sourceforge">hpnssh</remote-id>
</upstream>
</pkgmetadata>
|
