Credential-Zugriff
Reads SSH keys, agent sockets, known hosts, config, and forwarded credentials.
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für openssh in AI-Agent-Workflows.
Agent-Sicherheit
openssh provides remote login, key, and transfer tools with broad host access.
Reads SSH keys, agent sockets, known hosts, config, and forwarded credentials.
Can execute commands and transfer files on remote hosts.
Can deploy files, change servers, and expose forwarded credentials.
Gate remote command execution, scp/sftp writes, key generation, and agent forwarding.
Allow local key inspection; require approval before connecting to or mutating remote hosts.
Installation
brew install opensshlocal Homebrew formula metadata
sudo port install opensshMacPorts ports tree · net/openssh/Portfile · Quelle: api.github.com
sudo apk add opensshAlpine Linux edge package indexes · openssh · Quelle: dl-cdn.alpinelinux.org
sudo dnf install opensshFedora Rawhide package metadata · openssh · Quelle: dl.fedoraproject.org
nix profile install nixpkgs#opensshnixpkgs package indexes · openssh · Quelle: raw.githubusercontent.com
sudo pacman -S opensshArch Linux sync databases · openssh · Quelle: geo.mirror.pkgbuild.com
sudo zypper install opensshopenSUSE Tumbleweed package metadata · openssh · Quelle: download.opensuse.org
sudo apt install openssh-clientDebian stable package indexes · openssh-client · Quelle: deb.debian.org
choco install opensshChocolatey community package catalog · openssh · Quelle: community.chocolatey.org
scoop install main/opensshScoop official bucket manifest trees · bucket/openssh.json · Quelle: api.github.com
winget install --id Syncplify.Server -eWindows Package Manager source index · Syncplify.Server · Quelle: cdn.winget.microsoft.com
Überblick
OpenBSD freely-licensed SSH connectivity tools
Verlauf
OpenSSH is the OpenBSD project's freely licensed implementation of the SSH protocol suite: remote login, remote command execution, file transfer, key management, agent forwarding, and server-side SSH access. The package includes `ssh`, `sshd`, `scp`, `sftp`, `ssh-keygen`, `ssh-agent`, `ssh-add`, and related tools.
OpenSSH began in 1999 when OpenBSD developers forked Bjorn Gronvall's OSSH, itself derived from Tatu Ylonen's last sufficiently free ssh 1.2.12 release. The OpenSSH project history describes the goal as freeing SSH from license restrictions, cleaning up the code, and maintaining it under the OpenBSD security-audit culture.
The initial import landed on September 26, 1999, shortly before OpenBSD 2.6. The early team removed portability clutter, replaced problematic cryptographic and GPL components, repaired bugs, restored features, and added support for SSH 1.5 and later SSH 2. The OpenBSD manual credits Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song with creating OpenSSH from the original free ssh base.
OpenSSH's project goal was explicit: because telnet and rlogin are insecure, operating systems should ship SSH support. SSH 2 support became usable around May 4, 2000, solving the integrity and patent-era problems of SSH 1 and giving OpenSSH the protocol base that would become standard for secure administration.
OpenSSH became infrastructure software because it replaced insecure remote-login and file-transfer tools with a default, scriptable, auditable SSH suite. The portable release made the OpenBSD code usable on Linux, macOS, Cygwin, Solaris, AIX, HP-UX, and other Unix-like systems by adding compatibility layers, PAM/auditing hooks, and platform-specific sandboxing.
Package managers generally split OpenSSH into client and server packages or ship it in the operating-system base. Homebrew's `openssh` formula exists for users who want a packaged OpenSSH newer or different from the system copy, with dependencies such as libfido2 and OpenSSL for modern authentication and crypto support.
Operators use OpenSSH for daily host access, jump hosts, port forwarding, remote command execution, Git-over-SSH, rsync transport, and automated deployments. Developers touch the package through keys, `~/.ssh/config`, known-host verification, `ssh-agent`, `scp`/`sftp`, and server configuration in `sshd_config`.
OpenSSH also functions as a security policy surface. Choices such as allowed key algorithms, FIDO/U2F support, host key rotation, agent forwarding, chrooting, and subsystem configuration are all exposed through a familiar command and config ecosystem.
OpenSSH is one of the canonical examples of a package becoming part of the operating-system substrate. It is both an upstream security project and a downstream packaging problem: vendors patch it, split client/server binaries, coordinate crypto-library choices, and backport fixes because remote access breakage can lock administrators out of machines.
For package nerds, OpenSSH is also a portability case study. The upstream OpenBSD version stays small and tightly audited, while portable OpenSSH carries the compatibility code that lets one security-sensitive codebase work across many Unix variants.
Sicherheitslage
broad file, network, media, or database tool signal.
blue Risiko · mittel Konfidenz · tool
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.ssh/configCredential-bearing paths to review before unattended agent runs.
~/.ssh/id_*~/.ssh/configExecutables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
scp | cli | globales Executable | |
sftp | cli | globales Executable | |
slogin | cli | globales Executable | |
ssh | cli | globales Executable | |
ssh-add | cli | globales Executable | |
ssh-agent | cli | globales Executable | |
ssh-keygen | cli | globales Executable | |
ssh-keyscan | cli | globales Executable | |
sshd | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
Installationsmetadaten
| Paketschlüssel | brew:openssh |
|---|---|
| Version | 10.4p1 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/openssh |
| Homepage | https://www.openssh.com/ |
| Repository | https://anongit.mindrot.org/openssh.git |
| Upstream-Dokumentation | https://www.openssh.com/manual.html |
| Lizenz | SSH-OpenSSH |
| Quellarchiv | https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.4p1.tar.gz |
| Zuletzt aktualisiert | 2026-07-06T18:10:51Z |
| Pulse | updated |
| Abhängigkeiten | ldns, libfido2, openssl@3 |
| Build-Abhängigkeiten | pkgconf |
| Von macOS bereitgestellte Bibliotheken | krb5, libedit, libxcrypt |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | openssh |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
openssh-client 1:10.0p1-7+deb13u4
secure shell (SSH) client, for secure access to remote machines
sudo apt install openssh-clientopenssh-client-gssapi 1:10.0p1-7+deb13u4
secure shell (SSH) client, with GSS-API support
sudo apt install openssh-client-gssapiopenssh-server 1:10.0p1-7+deb13u4
secure shell (SSH) server, for secure access from remote machines
sudo apt install openssh-serveropenssh-server-gssapi 1:10.0p1-7+deb13u4
secure shell (SSH) server, with GSS-API key exchange
sudo apt install openssh-server-gssapiopenssh-sftp-server 1:10.0p1-7+deb13u4
secure shell (SSH) sftp server module, for SFTP access from remote machines
sudo apt install openssh-sftp-serveropenssh-tests 1:10.0p1-7+deb13u4
OpenSSH regression tests
sudo apt install openssh-testsssh 1:10.0p1-7+deb13u4
secure shell client and server (metapackage)
sudo apt install sshssh-askpass-gnome 1:10.0p1-7+deb13u4
interactive X program to prompt users for a passphrase for ssh-add
sudo apt install ssh-askpass-gnomeopenssh
nix profile install nixpkgs#opensshopenssh-client 1:9.6p1-3ubuntu13
secure shell (SSH) client, for secure access to remote machines
sudo apt install openssh-clientopenssh-server 1:9.6p1-3ubuntu13
secure shell (SSH) server, for secure access from remote machines
sudo apt install openssh-serveropenssh-sftp-server 1:9.6p1-3ubuntu13
secure shell (SSH) sftp server module, for SFTP access from remote machines
sudo apt install openssh-sftp-serveropenssh-tests 1:9.6p1-3ubuntu13
OpenSSH regression tests
sudo apt install openssh-testsssh 1:9.6p1-3ubuntu13
secure shell client and server (metapackage)
sudo apt install sshssh-askpass-gnome 1:9.6p1-3ubuntu13
interactive X program to prompt users for a passphrase for ssh-add
sudo apt install ssh-askpass-gnomeopenssh 10.3_p1-r0
Port of OpenBSD's free SSH release
https://www.openssh.com/portable.html
sudo apk add opensshQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.