openssh - Secure Shell Client and Server (Remote Login Program)

Distribution: openSUSE 42.2
Repository: openSUSE Update Oss all
Package name: openssh
Package version: 7.2p2
Package release: 9.1
Package architecture: x86_64
Package type: rpm
Installed size: 5.31 MB
Download size: 954.19 KB
Official Mirror:
SSH (Secure Shell) is a program for logging into and executing commands on a remote machine. It is intended to replace rsh (rlogin and rsh) and provides openssl (secure encrypted communication) between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.



  • config(openssh) = 7.2p2-9.1
  • openssh = 7.2p2-9.1
  • openssh(x86-64) = 7.2p2-9.1


  • nonfreessh
  • openssh-fips < 7.2p2-9.1
  • openssh-fips > 7.2p2-9.1


    Install Howto

    Install openssh rpm package:

    # zypper install openssh


    • /etc/pam.d/sshd
    • /etc/slp.reg.d/ssh.reg
    • /etc/ssh/moduli
    • /etc/ssh/ssh_config
    • /etc/ssh/sshd_config
    • /etc/sysconfig/SuSEfirewall2.d/
    • /etc/sysconfig/SuSEfirewall2.d/services/sshd
    • /usr/bin/scp
    • /usr/bin/sftp
    • /usr/bin/slogin
    • /usr/bin/ssh
    • /usr/bin/ssh-add
    • /usr/bin/ssh-agent
    • /usr/bin/ssh-copy-id
    • /usr/bin/ssh-keygen
    • /usr/bin/ssh-keyscan
    • /usr/lib/ssh/sftp-server
    • /usr/lib/ssh/ssh-askpass
    • /usr/lib/ssh/ssh-keysign
    • /usr/lib/ssh/ssh-pkcs11-helper
    • /usr/lib/systemd/system/sshd.service
    • /usr/sbin/rcsshd
    • /usr/sbin/sshd
    • /usr/sbin/sshd-gen-keys-start
    • /usr/share/doc/packages/openssh/CREDITS
    • /usr/share/doc/packages/openssh/ChangeLog
    • /usr/share/doc/packages/openssh/LICENCE
    • /usr/share/doc/packages/openssh/OVERVIEW
    • /usr/share/doc/packages/openssh/README
    • /usr/share/doc/packages/openssh/README.FIPS
    • /usr/share/doc/packages/openssh/README.SUSE
    • /usr/share/doc/packages/openssh/README.kerberos
    • /usr/share/doc/packages/openssh/TODO
    • /usr/share/doc/packages/openssh/sshd.init
    • /usr/share/man/man1/scp.1.gz
    • /usr/share/man/man1/sftp.1.gz
    • /usr/share/man/man1/slogin.1.gz
    • /usr/share/man/man1/ssh-add.1.gz
    • /usr/share/man/man1/ssh-agent.1.gz
    • /usr/share/man/man1/ssh-copy-id.1.gz
    • /usr/share/man/man1/ssh-keygen.1.gz
    • /usr/share/man/man1/ssh-keyscan.1.gz
    • /usr/share/man/man1/ssh.1.gz
    • /usr/share/man/man5/moduli.5.gz
    • /usr/share/man/man5/ssh-ldap.conf.5.gz
    • /usr/share/man/man5/ssh_config.5.gz
    • /usr/share/man/man5/sshd_config.5.gz
    • /usr/share/man/man8/sftp-server.8.gz
    • /usr/share/man/man8/ssh-keysign.8.gz
    • /usr/share/man/man8/ssh-ldap-helper.8.gz
    • /usr/share/man/man8/ssh-pkcs11-helper.8.gz
    • /usr/share/man/man8/sshd.8.gz
    • /var/adm/fillup-templates/sysconfig.ssh
    • /var/lib/sshd/


    2017-01-24 - - Adding missing pieces for user matching (bsc#1021626)

    2017-01-05 - - Properly verify CIDR masks in configuration (bsc#1005893) [openssh-7.2p2-verify_CIDR_address_ranges.patch] - Remove pre-auth compression support from the server to prevent possible cryptographic attacks. (CVE-2016-10012, bsc#1016370) [openssh-7.2p2-disable_preauth_compression.patch] - limit directories for loading PKCS11 modules (CVE-2016-10009, bsc#1016366) [openssh-7.2p2-restrict_pkcs11-modules.patch] - Prevent possible leaks of host private keys to low-privilege process handling authentication (CVE-2016-10011, bsc#1016369) [openssh-7.2p2-prevent_private_key_leakage.patch] - Do not allow unix socket forwarding when running without privilege separation (CVE-2016-10010, bsc#1016368) [openssh-7.2p2-secure_unix_sockets_forwarding.patch]

    2016-11-08 - - prevent resource depletion during key exchange (bsc#1005480, CVE-2016-8858) [openssh-7.2p2-kex_resource_depletion.patch] - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)

    2016-10-13 - - enable geteuid{,32} syscalls on mainframes, since it may be called from libica/ibmica on machines with hardware crypto accelerator (bsc#1004258) [openssh-7.2p2-seccomp_geteuid.patch] - fix regression of (bsc#823710) [openssh-7.2p2-audit_fixes.patch] - add slogin (removed upstreams) [openssh-7.2p2-keep_slogin.patch]

    2016-09-29 - - remaining patches that were still missing since the update to 7.2p2 (FATE#319675): - allow X forwarding over IPv4 when IPv6 sockets is not available [openssh-7.2p2-X_forward_with_disabled_ipv6.patch] - do not write PID file when not daemonizing [openssh-7.2p2-no_fork-no_pid_file.patch] - use correct options when invoking login [openssh-7.2p2-login_options.patch] - helper application for retrieving users' public keys from an LDAP server [openssh-7.2p2-ldap.patch] - allow forcing permissions over sftp [openssh-7.2p2-sftp_force_permissions.patch] - do not perform run-time checks for OpenSSL API/ABI change [openssh-7.2p2-disable_openssl_abi_check.patch] - suggest commands for cleaning known hosts file [openssh-7.2p2-host_ident.patch] - sftp home chroot patch [openssh-7.2p2-sftp_homechroot.patch] - ssh sessions auditing [openssh-7.2p2-audit.patch] - enable seccomp sandbox on additional architectures [openssh-7.2p2-additional_seccomp_archs.patch] - fix forwarding with IPv6 addresses in DISPLAY (bnc#847710) [openssh-7.2p2-IPv6_X_forwarding.patch] - ignore PAM environment when using login (bsc#975865, CVE-2015-8325) [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) [openssh-7.2p2-limit_password_length.patch] - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [openssh-7.2p2-prevent_timing_user_enumeration.patch] - Add auditing for PRNG re-seeding [openssh-7.2p2-audit_seed_prng.patch]

    2016-09-16 - - FIPS compatibility (no selfchecks, only crypto restrictions) [openssh-7.2p2-fips.patch] - PRNG re-seeding [openssh-7.2p2-seed-prng.patch] - preliminary version of GSSAPI KEX [openssh-7.2p2-gssapi_key_exchange.patch]

    2016-06-07 - - enable support for SSHv1 protocol and discourage its usage (bsc#983307) - enable DSA by default for backward compatibility and discourage its usage (bsc#983784)