You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60 lines
2.9 KiB
60 lines
2.9 KiB
1 year ago
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
|
||
|
<pkgmetadata>
|
||
|
<maintainer type="person">
|
||
|
<email>chutzpah@gentoo.org</email>
|
||
|
<name>Patrick McLean</name>
|
||
|
</maintainer>
|
||
|
<maintainer type="person">
|
||
|
<email>robbat2@gentoo.org</email>
|
||
|
<name>Robin H. Johnson</name>
|
||
|
</maintainer>
|
||
|
<longdescription>
|
||
|
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
|
||
|
increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
|
||
|
rlogin, ftp, and other such programs might not realize that their password is transmitted
|
||
|
across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
|
||
|
to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
|
||
|
Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
|
||
|
of authentication methods.
|
||
|
|
||
|
The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
|
||
|
replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
|
||
|
the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
|
||
|
ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
|
||
|
|
||
|
This package represents an effort to extend upstream OpenSSH with three big patchsets.
|
||
|
|
||
|
WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have
|
||
|
correctness issues.
|
||
|
|
||
|
The patches are:
|
||
|
|
||
|
* HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive
|
||
|
buffering and/or multithreading, leading to better network throughput. Many of these
|
||
|
optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or
|
||
|
because more CPU performant ciphers are being used in this day and age (ChaCha20).
|
||
|
|
||
|
WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon.
|
||
|
|
||
|
* SCTP patches by Patrick McLean. These enable SSH over SCTP.
|
||
|
|
||
|
* X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for
|
||
|
authenticating users. This patch series adds support for X509 certificates.
|
||
|
</longdescription>
|
||
|
<use>
|
||
|
<flag name="hpn">Enable high performance ssh</flag>
|
||
|
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
|
||
|
<flag name="livecd">Enable root password logins for live-cd environment.</flag>
|
||
|
<flag name="security-key">Include builtin U2F/FIDO support</flag>
|
||
|
<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
|
||
|
<flag name="X509">Adds support for X.509 certificate authentication</flag>
|
||
|
<flag name="xmss">Enable XMSS post-quantum authentication algorithm</flag>
|
||
|
</use>
|
||
|
<upstream>
|
||
|
<remote-id type="cpe">cpe:/a:openbsd:openssh</remote-id>
|
||
|
<remote-id type="github">openssh/openssh-portable</remote-id>
|
||
|
<remote-id type="sourceforge">hpnssh</remote-id>
|
||
|
</upstream>
|
||
|
</pkgmetadata>
|