Linux repositories inspector

openssh-client - secure shell (SSH) client, for secure access to remote machines

This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
It can be used to provide applications with a secure communication channel.
This package provides the ssh, scp and sftp clients, the ssh-agent and ssh-add programs to make public key authentication more convenient, and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
In some countries it may be illegal to use any encryption at all without a special permit.
ssh replaces the insecure rsh, rcp and rlogin programs, which are obsolete for most purposes.
8.2p1
Ubuntu iconUbuntu 20.04
8.1p1
Ubuntu iconUbuntu 20.04
8.0p1
Ubuntu iconUbuntu 19.10
7.9p1
Debian iconDebian 10.0
Ubuntu iconUbuntu 19.04
7.7p1
Ubuntu iconUbuntu 18.10
7.6p1
Ubuntu iconUbuntu 18.04 LTS
7.5p1
Ubuntu iconUbuntu 17.10
7.4p1
Debian iconDebian 9.0
7.2p2
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 10.0 buster/maindeb1:7.9p1-10+deb10u22020-02-08764 kiB3.46 MiB
Debian iconDebian 9.0 stretch/maindeb1:7.4p1-10+deb9u72019-09-07762 kiB4.01 MiB
Ubuntu iconUbuntu 17.10 artful/maindeb1:7.5p1-102017-11-10596 kiB3.92 MiB
Ubuntu iconUbuntu 17.10 artful-security/maindeb1:7.5p1-10ubuntu0.12018-01-23594 kiB3.92 MiB
Ubuntu iconUbuntu 17.10 artful-updates/maindeb1:7.5p1-10ubuntu0.12018-01-23594 kiB3.92 MiB
Ubuntu iconUbuntu 18.04 LTS bionic/maindeb1:7.6p1-42018-03-07596 kiB3.97 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-proposed/maindeb1:7.6p1-4ubuntu0.42020-01-24598 kiB3.97 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/maindeb1:7.6p1-4ubuntu0.32019-03-04599 kiB3.97 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/maindeb1:7.6p1-4ubuntu0.32019-03-04599 kiB3.97 MiB
Ubuntu iconUbuntu 18.10 cosmic/maindeb1:7.7p1-42019-01-14613 kiB3.9 MiB
Ubuntu iconUbuntu 18.10 cosmic-security/maindeb1:7.7p1-4ubuntu0.32019-03-04612 kiB3.9 MiB
Ubuntu iconUbuntu 18.10 cosmic-updates/maindeb1:7.7p1-4ubuntu0.32019-03-04612 kiB3.9 MiB
Ubuntu iconUbuntu 19.04 disco/maindeb1:7.9p1-102019-04-10581 kiB3.36 MiB
Ubuntu iconUbuntu 19.10 eoan/maindeb1:8.0p1-6build12019-09-13597 kiB3.49 MiB
Ubuntu iconUbuntu 19.10 eoan-proposed/maindeb1:8.0p1-6ubuntu0.12020-01-24597 kiB3.49 MiB
Ubuntu iconUbuntu 20.04 focal/maindeb1:8.1p1-52020-01-22608 kiB3.54 MiB
Ubuntu iconUbuntu 20.04 focal-proposed/maindeb1:8.2p1-42020-02-26658 kiB4.02 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/maindeb1:7.2p2-42017-11-10572 kiB3.61 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-proposed/maindeb1:7.2p2-4ubuntu2.92020-01-24577 kiB3.62 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/maindeb1:7.2p2-4ubuntu2.82019-03-04576 kiB3.62 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/maindeb1:7.2p2-4ubuntu2.82019-03-04576 kiB3.62 MiB

Manual pages

scp(1)

scp - OpenSSH secure file copy

sftp(1)

sftp - OpenSSH secure file transfer

ssh(1)

ssh - OpenSSH remote login client

ssh-add(1)

ssh-add - adds private key identities to the OpenSSH authentication agent

ssh-agent(1)

ssh-agent - OpenSSH authentication agent

ssh-argv0(1)

ssh-argv0 - replaces the old ssh command-name as hostname handling

ssh-copy-id(1)

ssh-copy-id - use locally available keys to authorise logins on a remote machine

ssh-keygen(1)

ssh-keygen - OpenSSH authentication key utility

ssh-keyscan(1)

ssh-keyscan - gather SSH public keys from servers

moduli(5)

moduli - Diffie-Hellman moduli

ssh_config(5)

ssh_config - OpenSSH client configuration file

ssh-keysign(8)

ssh-keysign - OpenSSH helper for host-based authentication

ssh-pkcs11-helper(8)

ssh-pkcs11-helper - OpenSSH helper for PKCS#11 support

ssh-sk-helper(8)

ssh-sk-helper - OpenSSH helper for FIDO authenticator support

Latest updates

Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Updated from 1:8.2p1-3 to 1:8.2p1-4

2020-02-26
  • Add /etc/ssh/ssh_config.d/ to openssh-client.
  • Add /etc/ssh/sshd_config.d/ to openssh-server (closes: #952427).
  • Install ssh-sk-helper even on non-Linux architectures, though it will need an external middleware library in those cases.
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Updated from 1:8.2p1-1 to 1:8.2p1-3

2020-02-24
  • Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Version 1:8.2p1-1 introduced

2020-02-24
  • New upstream release (https://www.openssh.com/txt/release-8.2, closes: #951582):
    • ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures (i.e. the client and server CASignatureAlgorithms option) and will use the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) CA signs new certificates.
    • ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server.
    • ssh-keygen(1): The command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag.
    • sshd(8): The sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups.
    • Add support for FIDO/U2F hardware authenticators.
    • ssh-keygen(1): Add a "no-touch-required" option when generating FIDO-hosted keys, that disables their default behaviour of requiring a physical touch/tap on the token during authentication. Note: not all tokens support disabling the touch requirement.
    • sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects miscellaneous public key authentication-related options for sshd(8). At present it supports only a single option "no-touch-required". This causes sshd to skip its default check for FIDO/U2F keys that the signature was authorised by a touch or press event on the token hardware.
    • ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that FIDO key signatures attest that the user touched their key to authorize them, mirroring the similar PubkeyAuthOptions sshd_config option.
    • ssh-keygen(1): Add support for the writing the FIDO attestation information that is returned when new keys are generated via the "-O write-attestation=/path" option. FIDO attestation certificates may be used to verify that a FIDO key is hosted in trusted hardware. OpenSSH does not currently make use of this information, beyond optionally writing it to disk.
    • Add support for FIDO2 resident keys.
    • sshd(8): Add an Include sshd_config keyword that allows including additional configuration files via glob(3) patterns (closes: #631189).
    • ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available via the IPQoS directive.
    • ssh(1): When AddKeysToAgent=yes is set and the key contains no comment, add the key to the agent with the key's path as the comment.
    • ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509 subjects as key comments, rather than simply listing the PKCS#11 provider library path.
    • ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
    • sshd(8): When clients get denied by MaxStartups, send a notification prior to the SSH2 protocol banner according to RFC4253 section 4.2 (closes: #275458).
    • ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program, pass a hint to the program to describe the type of desired prompt. The possible values are "confirm" (indicating that a yes/no confirmation dialog with no text entry should be shown), "none" (to indicate an informational message only), or blank for the original ssh-askpass behaviour of requesting a password/phrase.
    • ssh(1): Allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no.
    • ssh-keygen(1): Add a new signature operations "find-principals" to look up the principal associated with a signature from an allowed-signers file.
    • sshd(8): Expose the number of currently-authenticating connections along with the MaxStartups limit in the process title visible to "ps".
    • sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will now disable connection killing entirely rather than the current behaviour of instantly killing the connection after the first liveness test regardless of success.
    • sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups / DenyGroups in the sshd(8) manual page.
    • sshd(8): Better describe HashKnownHosts in the manual page.
    • sshd(8): Clarify that that permitopen=/PermitOpen do no name or address translation in the manual page.
    • sshd(8): Allow the UpdateHostKeys feature to function when multiple known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add updated host keys to the first specified file only.
    • All: Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
    • sftp(1): Fix a race condition in the SIGCHILD handler that could turn in to a kill(-1).
    • sshd(8): Fix a case where valid (but extremely large) SSH channel IDs were being incorrectly rejected.
    • ssh(1): When checking host key fingerprints as answers to new hostkey prompts, ignore whitespace surrounding the fingerprint itself.
    • All: Wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh).
    • sshd_config(5): Document the key exchange algorithm.
  • Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1 and 1:7.8p1-1 inclusive (closes: #951220).
  • ssh(1): Explain that -Y is equivalent to -X in the default configuration (closes: #951640).
  • Include /etc/ssh/ssh_config.d/*.conf from /etc/ssh/ssh_config and /etc/ssh/sshd_config.d/*.conf from /etc/ssh/sshd_config (closes: #845315).
Debian icon

Debian 10.0 buster-proposed-updates/main: Version 1:7.9p1-10+deb10u2 removed

2020-02-08
Debian icon

Debian 10.0 buster/main: Updated from 1:7.9p1-10+deb10u1 to 1:7.9p1-10+deb10u2

2020-02-08
  • Apply upstream patch to deny (non-fatally) ipc in the seccomp sandbox, fixing failures with OpenSSL 1.1.1d and Linux < 3.19 on some architectures (closes: #946242). Note that this also drops the previous change to allow ipc on s390, since upstream has security concerns with that and it doesn't currently seem to be needed.
Debian icon

Debian 10.0 buster-proposed-updates/main: Version 1:7.9p1-10+deb10u2 introduced

2020-02-03
  • Apply upstream patch to deny (non-fatally) ipc in the seccomp sandbox, fixing failures with OpenSSL 1.1.1d and Linux < 3.19 on some architectures (closes: #946242). Note that this also drops the previous change to allow ipc on s390, since upstream has security concerns with that and it doesn't currently seem to be needed.
Ubuntu icon

Ubuntu 18.04 LTS bionic-proposed/main: Version 1:7.6p1-4ubuntu0.4 introduced

2020-01-24
  • Apply upstream patch to stop using 2020 as a future date in regress tests. LP: #1859013
Ubuntu icon

Ubuntu 16.04 LTS xenial-proposed/main: Version 1:7.2p2-4ubuntu2.9 introduced

2020-01-24
  • Apply upstream patch to stop using 2020 as a future date in regress tests. LP: #1859013
Ubuntu icon

Ubuntu 19.10 eoan-proposed/main: Version 1:8.0p1-6ubuntu0.1 introduced

2020-01-24
  • Apply upstream patch to stop using 2020 as a future date in regress tests. LP: #1859013
Ubuntu icon

Ubuntu 20.04 focal/main: Updated from 1:8.1p1-1 to 1:8.1p1-5

2020-01-22
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Version 1:8.1p1-5 removed

2020-01-22
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Updated from 1:8.1p1-4 to 1:8.1p1-5

2020-01-12
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Updated from 1:8.1p1-3 to 1:8.1p1-4

2020-01-09
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Updated from 1:8.1p1-2 to 1:8.1p1-3

2020-01-09
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Version 1:8.1p1-2 introduced

2020-01-07
Ubuntu icon

Ubuntu 20.04 focal/main: Version 1:8.1p1-1 introduced

2020-01-07
Debian icon

Debian 10.0 buster-proposed-updates/main: Version 1:7.9p1-10+deb10u1 removed

2019-11-16
Debian icon

Debian 10.0 buster/main: Updated from 1:7.9p1-10 to 1:7.9p1-10+deb10u1

2019-11-16
Debian icon

Debian 10.0 buster-proposed-updates/main: Version 1:7.9p1-10+deb10u1 introduced

2019-10-12
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Version 1:7.2p2-4ubuntu2.8 reintroduced

2019-10-02
  • SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    • debian/patches/CVE-2019-6111-2.patch: add another fix to the filename check in scp.c.
    • CVE-2019-6111
  • Fixed inverted CVE numbers in patch filenames and in previous changelog.

Related packages

openssh - Premier connectivity tool for remote login with the SSH protocol
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
⇧ Top