chutzpah@gentoo.org Patrick McLean robbat2@gentoo.org Robin H. Johnson OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. This package represents an effort to extend upstream OpenSSH with three big patchsets. WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have correctness issues. The patches are: * HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive buffering and/or multithreading, leading to better network throughput. Many of these optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or because more CPU performant ciphers are being used in this day and age (ChaCha20). WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon. * SCTP patches by Patrick McLean. These enable SSH over SCTP. * X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for authenticating users. This patch series adds support for X509 certificates. Enable high performance ssh Use LDNS for DNSSEC/SSHFP validation. Enable root password logins for live-cd environment. Include builtin U2F/FIDO support Enable additional crypto algorithms via OpenSSL Adds support for X.509 certificate authentication Enable XMSS post-quantum authentication algorithm cpe:/a:openbsd:openssh openssh/openssh-portable hpnssh