Automic VaultAutomic Vault

brew

Install openssh with Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, zypper, winget

OpenBSD freely-licensed SSH connectivity tools. Version 10.4p1 via Homebrew; verified 2026-07-06.

agent safety

Agent safety answer

openssh provides remote login, key, and transfer tools with broad host access.

Credential access

Reads SSH keys, agent sockets, known hosts, config, and forwarded credentials.

Remote mutation

Can execute commands and transfer files on remote hosts.

Publish/artifact risk

Can deploy files, change servers, and expose forwarded credentials.

Recommended control

Gate remote command execution, scp/sftp writes, key generation, and agent forwarding.

Agent-use guidance

Allow local key inspection; require approval before connecting to or mutating remote hosts.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install openssh

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install openssh

MacPorts ports tree · net/openssh/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add openssh

Alpine Linux edge package indexes · openssh · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install openssh-client

Debian stable package indexes · openssh-client · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install openssh

Fedora Rawhide package metadata · openssh · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#openssh

nixpkgs package indexes · openssh · source: raw.githubusercontent.com

Arch Linux pacmanverified · 92%
sudo pacman -S openssh

Arch Linux sync databases · openssh · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install openssh

openSUSE Tumbleweed package metadata · openssh · source: download.opensuse.org

Windows

Chocolateyverified · 92%
choco install openssh

Chocolatey community package catalog · openssh · source: community.chocolatey.org

Scoopverified · 92%
scoop install main/openssh

Scoop official bucket manifest trees · bucket/openssh.json · source: api.github.com

Windows Package Managerverified · 92%
winget install --id Syncplify.Server -e

Windows Package Manager source index · Syncplify.Server · source: cdn.winget.microsoft.com

overview

Package summary

OpenBSD freely-licensed SSH connectivity tools

Commands and aliases

  • scp
  • sftp
  • slogin
  • ssh
  • ssh-add
  • ssh-agent
  • ssh-keygen
  • ssh-keyscan
  • sshd

history

Project history and usage

OpenSSH is the OpenBSD project's freely licensed implementation of the SSH protocol suite: remote login, remote command execution, file transfer, key management, agent forwarding, and server-side SSH access. The package includes `ssh`, `sshd`, `scp`, `sftp`, `ssh-keygen`, `ssh-agent`, `ssh-add`, and related tools.

Project history

OpenSSH began in 1999 when OpenBSD developers forked Bjorn Gronvall's OSSH, itself derived from Tatu Ylonen's last sufficiently free ssh 1.2.12 release. The OpenSSH project history describes the goal as freeing SSH from license restrictions, cleaning up the code, and maintaining it under the OpenBSD security-audit culture.

The initial import landed on September 26, 1999, shortly before OpenBSD 2.6. The early team removed portability clutter, replaced problematic cryptographic and GPL components, repaired bugs, restored features, and added support for SSH 1.5 and later SSH 2. The OpenBSD manual credits Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song with creating OpenSSH from the original free ssh base.

OpenSSH's project goal was explicit: because telnet and rlogin are insecure, operating systems should ship SSH support. SSH 2 support became usable around May 4, 2000, solving the integrity and patent-era problems of SSH 1 and giving OpenSSH the protocol base that would become standard for secure administration.

Adoption history

OpenSSH became infrastructure software because it replaced insecure remote-login and file-transfer tools with a default, scriptable, auditable SSH suite. The portable release made the OpenBSD code usable on Linux, macOS, Cygwin, Solaris, AIX, HP-UX, and other Unix-like systems by adding compatibility layers, PAM/auditing hooks, and platform-specific sandboxing.

Package managers generally split OpenSSH into client and server packages or ship it in the operating-system base. Homebrew's `openssh` formula exists for users who want a packaged OpenSSH newer or different from the system copy, with dependencies such as libfido2 and OpenSSL for modern authentication and crypto support.

How it is used

Operators use OpenSSH for daily host access, jump hosts, port forwarding, remote command execution, Git-over-SSH, rsync transport, and automated deployments. Developers touch the package through keys, `~/.ssh/config`, known-host verification, `ssh-agent`, `scp`/`sftp`, and server configuration in `sshd_config`.

OpenSSH also functions as a security policy surface. Choices such as allowed key algorithms, FIDO/U2F support, host key rotation, agent forwarding, chrooting, and subsystem configuration are all exposed through a familiar command and config ecosystem.

Why package nerds care

OpenSSH is one of the canonical examples of a package becoming part of the operating-system substrate. It is both an upstream security project and a downstream packaging problem: vendors patch it, split client/server binaries, coordinate crypto-library choices, and backport fixes because remote access breakage can lock administrators out of machines.

For package nerds, OpenSSH is also a portability case study. The upstream OpenBSD version stays small and tightly audited, while portable OpenSSH carries the compatibility code that lets one security-sensitive codebase work across many Unix variants.

Timeline

  • 1999: OpenBSD developers fork OSSH and import the code on September 26.
  • December 1, 1999: OpenBSD 2.6 ships with OpenSSH.
  • May 4, 2000: SSH 2 support is implemented sufficiently to be usable.
  • 2017: OpenSSH 7.6 removes SSH 1 protocol support.
  • 2026: Homebrew packages OpenSSH 10.3p1 in the `openssh` formula.

Related projects

  • OpenSSH descends from Tatu Ylonen's original SSH and Bjorn Gronvall's OSSH. It interacts with crypto libraries such as LibreSSL, OpenSSL, AWS-LC, and BoringSSL, and it overlaps operationally with file-transfer tools, bastion-host systems, VPNs, and configuration-management systems.

security posture

Risk level: blue

broad file, network, media, or database tool signal.

Risk classifier

blue risk · medium confidence · tool

Why

  • broad file, network, media, or database tool signal

Signals

  • text:ftp,ssh

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 3 runtime dependencies.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.ssh/config

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.ssh/id_*~/.ssh/config

executables

Installed executables

CommandKindExposureNote
scpcliglobal executable
sftpcliglobal executable
slogincliglobal executable
sshcliglobal executable
ssh-addcliglobal executable
ssh-agentcliglobal executable
ssh-keygencliglobal executable
ssh-keyscancliglobal executable
sshdcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version10.4p1
manager updated2026-07-06
local dataok
upstreamnot checked
latest detectednot detected

https://www.openssh.com/

install metadata

Package metadata

Package keybrew:openssh
Version10.4p1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/openssh
Homepagehttps://www.openssh.com/
Repositoryhttps://anongit.mindrot.org/openssh.git
Upstream docshttps://www.openssh.com/manual.html
LicenseSSH-OpenSSH
Source archivehttps://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.4p1.tar.gz
Last updated2026-07-06T18:10:51Z
Pulseupdated
Dependenciesldns, libfido2, openssl@3
Build dependenciespkgconf
Uses from macOSkrb5, libedit, libxcrypt
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameopenssh
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

openssh-client 1:10.0p1-7+deb13u4

secure shell (SSH) client, for secure access to remote machines

https://www.openssh.com/

sudo apt install openssh-client
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 10 dependencies
  • 1 provides
  • 5 optional deps
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssh-client from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

openssh-client-gssapi 1:10.0p1-7+deb13u4

secure shell (SSH) client, with GSS-API support

https://www.openssh.com/

sudo apt install openssh-client-gssapi
  • Section: net
  • Architecture: all
  • Source Package: openssh
  • 1 dependencies
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssh-client-gssapi from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

openssh-server 1:10.0p1-7+deb13u4

secure shell (SSH) server, for secure access from remote machines

https://www.openssh.com/

sudo apt install openssh-server
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 25 dependencies
  • 1 provides
  • 9 optional deps
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssh-server from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

openssh-server-gssapi 1:10.0p1-7+deb13u4

secure shell (SSH) server, with GSS-API key exchange

https://www.openssh.com/

sudo apt install openssh-server-gssapi
  • Section: net
  • Architecture: all
  • Source Package: openssh
  • 2 dependencies
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssh-server-gssapi from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

openssh-sftp-server 1:10.0p1-7+deb13u4

secure shell (SSH) sftp server module, for SFTP access from remote machines

https://www.openssh.com/

sudo apt install openssh-sftp-server
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 2 dependencies
  • 2 optional deps
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssh-sftp-server from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

openssh-tests 1:10.0p1-7+deb13u4

OpenSSH regression tests

https://www.openssh.com/

sudo apt install openssh-tests
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 10 dependencies
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssh-tests from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

ssh 1:10.0p1-7+deb13u4

secure shell client and server (metapackage)

https://www.openssh.com/

sudo apt install ssh
  • Section: net
  • Architecture: all
  • Source Package: openssh
  • 2 dependencies
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: ssh from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

ssh-askpass-gnome 1:10.0p1-7+deb13u4

interactive X program to prompt users for a passphrase for ssh-add

https://www.openssh.com/

sudo apt install ssh-askpass-gnome
  • Section: gnome
  • Architecture: amd64
  • Source Package: openssh
  • 5 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Openssh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: ssh-askpass-gnome from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

openssh

nix profile install nixpkgs#openssh
  • normalized package name match
  • Matched by: Openssh
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: openssh from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
Ubuntu apt95%

openssh-client 1:9.6p1-3ubuntu13

secure shell (SSH) client, for secure access to remote machines

https://www.openssh.com/

sudo apt install openssh-client
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 9 dependencies
  • 1 provides
  • 5 optional deps
  • normalized package name match
  • Matched by: Openssh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: openssh-client from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz
Ubuntu apt95%

openssh-server 1:9.6p1-3ubuntu13

secure shell (SSH) server, for secure access from remote machines

https://www.openssh.com/

sudo apt install openssh-server
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 21 dependencies
  • 1 provides
  • 10 optional deps
  • normalized package name match
  • Matched by: Openssh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: openssh-server from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz
Ubuntu apt95%

openssh-sftp-server 1:9.6p1-3ubuntu13

secure shell (SSH) sftp server module, for SFTP access from remote machines

https://www.openssh.com/

sudo apt install openssh-sftp-server
  • Section: net
  • Architecture: amd64
  • Source Package: openssh
  • 2 dependencies
  • 2 optional deps
  • normalized package name match
  • Matched by: Openssh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: openssh-sftp-server from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz
Ubuntu apt95%

openssh-tests 1:9.6p1-3ubuntu13

OpenSSH regression tests

https://www.openssh.com/

sudo apt install openssh-tests
  • Section: universe/net
  • Architecture: amd64
  • Source Package: openssh
  • 9 dependencies
  • normalized package name match
  • Matched by: Openssh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: openssh-tests from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
Ubuntu apt95%

ssh 1:9.6p1-3ubuntu13

secure shell client and server (metapackage)

https://www.openssh.com/

sudo apt install ssh
  • Section: net
  • Architecture: all
  • Source Package: openssh
  • 2 dependencies
  • normalized package name match
  • Matched by: Openssh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: ssh from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz
Ubuntu apt95%

ssh-askpass-gnome 1:9.6p1-3ubuntu13

interactive X program to prompt users for a passphrase for ssh-add

https://www.openssh.com/

sudo apt install ssh-askpass-gnome
  • Section: universe/gnome
  • Architecture: amd64
  • Source Package: openssh
  • 5 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Openssh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: ssh-askpass-gnome from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

openssh 10.3_p1-r0

Port of OpenBSD's free SSH release

https://www.openssh.com/portable.html

sudo apk add openssh
  • License: SSH-OpenSSH
  • Architecture: x86_64
  • Source Package: openssh
  • 1 dependencies
  • normalized package name match
  • Matched by: Openssh
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: openssh from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment