All times are UTC
Port details on branch 2025Q1
openssh-portable The portable version of OpenBSD's OpenSSH
Version: 9.9.p2_1,1
Category: security
An older version of this port was marked as vulnerable.
Version of this port present on the latest quarterly branch: 10.2.p1_3,1
Maintainer: bdrewery@FreeBSD.org
Port Added: 2025-02-19 16:15:15
Last Update: 2025-02-19 21:47:57
Commit Hash: 00b520a
License: OPENSSH
WWW:
https://www.openssh.com/portable.html
Description:
OpenBSD's OpenSSH portable version

Normal OpenSSH development produces a very small, secure, and easy to maintain version for the OpenBSD project. The OpenSSH Portability Team takes that pure version and adds portability code so that OpenSSH can run on many other operating systems (Unfortunately, in particular since OpenSSH does authentication, it runs into a *lot* of differences between Unix operating systems).

The portable OpenSSH follows development of the official version, but releases are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1). The official OpenBSD source will never use the 'p' suffix, but will instead increment the version number when they hit 'stable spots' in their development.

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
There is no configure plist information for this port.
USE_RC_SUBR (Service Scripts)
  • no SUBR information found for this port
Dependency lines:
  • openssh-portable>0:security/openssh-portable
Conflicts:
CONFLICTS:
  • openssh-3.*
  • ssh-1.*
  • ssh2-3.*
  • openssh-portable-devel
CONFLICTS_INSTALL:
  • openssh-portable-hpn
  • openssh-portable-gssapi
  • openssh-portable-x509
To install the port:
cd /usr/ports/security/openssh-portable/ && make install clean
To add the package, run one of these commands:
  • pkg install security/openssh-portable
  • pkg install openssh-portable
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: openssh-portable
Package flavors (<flavor>: <package>)
  • default: openssh-portable
  • hpn: openssh-portable-hpn
  • gssapi: openssh-portable-gssapi
distinfo:
TIMESTAMP = 1739980882
SHA256 (openssh-9.9p2.tar.gz) = 91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673
SIZE (openssh-9.9p2.tar.gz) = 1944499
SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864
SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233


Packages (timestamps in pop-ups are UTC):
openssh-portable
ABI | aarch64 | amd64 | armv6 | armv7 | i386 | powerpc | powerpc64 | powerpc64le
FreeBSD:13:latest | - | - | 8.4.p1_3,1 | 10.0.p1_2,1 | - | n/a | n/a | n/a
FreeBSD:13:quarterly | 10.2.p1_1,1 | 10.2.p1_3,1 | 9.3.p1,1 | 10.0.p1_1,1 | 10.2.p1_3,1 | n/a | n/a | n/a
FreeBSD:14:latest | 10.3.p1,1 | 10.3.p1,1 | 9.1.p1,1 | 10.0.p1_2,1 | 10.3.p1,1 | 9.3.p1,1 | - | 9.3.p1,1
FreeBSD:14:quarterly | 10.2.p1_3,1 | 10.2.p1_3,1 | - | 10.0.p1_1,1 | 10.2.p1_3,1 | 9.6.p1_1,1 | 9.6.p1_1,1 | 9.6.p1_1,1
FreeBSD:15:latest | 10.3.p1,1 | 10.3.p1,1 | n/a | 10.0.p1_1,1 | n/a | n/a | 9.6.p1_1,1 | 9.6.p1_1,1
FreeBSD:15:quarterly | 10.2.p1_3,1 | 10.2.p1_3,1 | n/a | - | n/a | n/a | - | -
FreeBSD:16:latest | 10.3.p1,1 | 10.3.p1,1 | n/a | - | n/a | n/a | - | -
 
openssh-portable-gssapi
ABI | aarch64 | amd64 | armv6 | armv7 | i386 | powerpc | powerpc64 | powerpc64le
FreeBSD:13:latest | - | - | 8.4.p1_3,1 | 10.0.p1_2,1 | - | n/a | n/a | n/a
FreeBSD:13:quarterly | 10.2.p1_1,1 | 10.2.p1_3,1 | - | 10.0.p1_1,1 | 10.2.p1_3,1 | n/a | n/a | n/a
FreeBSD:14:latest | 10.3.p1,1 | 10.3.p1,1 | - | 10.0.p1_2,1 | 10.3.p1,1 | - | - | -
FreeBSD:14:quarterly | 10.2.p1_3,1 | 10.2.p1_3,1 | - | 10.0.p1_1,1 | 10.2.p1_3,1 | 9.6.p1_1,1 | 9.6.p1_1,1 | 9.6.p1_1,1
FreeBSD:15:latest | 10.3.p1,1 | 10.3.p1,1 | n/a | 10.0.p1_1,1 | n/a | n/a | 9.6.p1_1,1 | 9.6.p1_1,1
FreeBSD:15:quarterly | 10.2.p1_3,1 | 10.2.p1_3,1 | n/a | - | n/a | n/a | - | -
FreeBSD:16:latest | 10.3.p1,1 | 10.3.p1,1 | n/a | - | n/a | n/a | - | -
 
openssh-portable-hpn
ABI | aarch64 | amd64 | armv6 | armv7 | i386 | powerpc | powerpc64 | powerpc64le
FreeBSD:13:latest | - | - | 8.4.p1_3,1 | 10.0.p1_2,1 | - | n/a | n/a | n/a
FreeBSD:13:quarterly | 10.2.p1_1,1 | 10.2.p1_3,1 | 9.3.p1,1 | 10.0.p1_1,1 | 10.2.p1_3,1 | n/a | n/a | n/a
FreeBSD:14:latest | 10.3.p1,1 | 10.3.p1,1 | 9.1.p1,1 | 10.0.p1_2,1 | 10.3.p1,1 | 9.3.p1,1 | - | 9.3.p1,1
FreeBSD:14:quarterly | 10.2.p1_3,1 | 10.2.p1_3,1 | - | 10.0.p1_1,1 | 10.2.p1_3,1 | 9.6.p1_1,1 | 9.6.p1_1,1 | 9.6.p1_1,1
FreeBSD:15:latest | 10.3.p1,1 | 10.3.p1,1 | n/a | 10.0.p1_1,1 | n/a | n/a | 9.6.p1_1,1 | 9.6.p1_1,1
FreeBSD:15:quarterly | 10.2.p1_3,1 | 10.2.p1_3,1 | n/a | - | n/a | n/a | - | -
FreeBSD:16:latest | 10.3.p1,1 | 10.3.p1,1 | n/a | - | n/a | n/a | - | -
 
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. pkgconf>=1.3.0_1 : devel/pkgconf
  2. autoconf>=2.72 : devel/autoconf
  3. automake>=1.17 : devel/automake
Library dependencies:
  1. libfido2.so : security/libfido2
  2. libldns.so : dns/ldns
  3. libedit.so.0 : devel/libedit
There are no ports dependent upon this port

Configuration Options:
===> The following configuration options are available for openssh-portable-9.9.p2_1,1:
     BLACKLISTD=off: FreeBSD blacklistd(8) support
     BSM=off: OpenBSM Auditing
     DOCS=on: Build and/or install documentation
     FIDO_U2F=on: FIDO/U2F support (security/libfido2)
     HPN=off: HPN-SSH patch
     KERB_GSSAPI=off: Kerberos/GSSAPI patch (req: GSSAPI)
     LDNS=on: SSHFP/LDNS support
     LIBEDIT=on: Command line editing via libedit
     NONECIPHER=off: NONE Cipher support
     PAM=on: Pluggable authentication module support
     TCP_WRAPPERS=on: tcp_wrappers support
     XMSS=off: XMSS key support (experimental)
====> Kerberos support: you can only select none or one of them
     MIT=off: MIT Kerberos (security/krb5)
     HEIMDAL=off: Heimdal Kerberos (security/heimdal)
     HEIMDAL_BASE=off: Heimdal Kerberos (base)
===> Use 'make config' to modify these settings
Options name:
security_openssh-portable
USES:
alias autoreconf compiler:c11 cpe localbase ncurses pkgconfig ssl libedit
pkg-message:
For install:
To enable this port, add openssh_enable="YES" in your rc.conf. To prevent conflict with openssh in the base system add sshd_enable="NO" in your rc.conf. Also you can configure openssh at another TCP port (via sshd_config 'Port' and 'Listen' options or via 'openssh_flags' variable in rc.conf) and run it in same time with base sshd.

'PermitRootLogin no' is the default for the OpenSSH port. This now matches the PermitRootLogin configuration of OpenSSH in the base system. Please be aware of this when upgrading your OpenSSH port, and if truly necessary, re-enable remote root login by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys, disable Password authentication by setting 'PasswordAuthentication no' and 'ChallengeResponseAuthentication no', and to define very narrow sudo privileges instead of using root for automated tasks.
Master Sites:
  1. https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  2. https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  3. https://ftp.OpenBSD.org/pub/OpenBSD/OpenSSH/portable/
  4. https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  5. https://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  6. https://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/
  7. https://mirror.leaseweb.com/pub/OpenBSD/OpenSSH/portable/

Number of commits found: 2

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
Commit | Credits | Log message
9.9.p2_1,1
19 Feb 2025 21:47:57
commit hash: 00b520a311a98c3b7749f06df80196c21390cc39
Bryan Drewery (bdrewery)
security/openssh-portable: LDNS: Disable default VerifyHostKeyDNS

This follows base 41ff5ea22cb95d which disabled this as the default.

(cherry picked from commit d2522f470441a2389a85e4f694f27cb4ef8f1101)
9.9.p2,1
19 Feb 2025 16:12:35
commit hash: 103d65375884980a3f4dcc84429207b5dde18f58
This port version is marked as vulnerable.
Bryan Drewery (bdrewery)
security/openssh-portable: Update to 9.9p2

Changes: https://www.openssh.com/releasenotes.html
Security:
  * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
    (inclusive) contained a logic error that allowed an on-path
    attacker (a.k.a MITM) to impersonate any server when the
    VerifyHostKeyDNS option is enabled. This option is off by default.

  * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
    (inclusive) is vulnerable to a memory/CPU denial-of-service related
    to the handling of SSH2_MSG_PING packets. This condition may be

(cherry picked from commit 1896ee6874cd44b6c8d08feb40b4b8f445ae9184)
