OpenSSH (also known as OpenBSD Secure Shell) is a suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which help to secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.
OpenSSH started as a fork of the free SSH program, developed by Tatu Ylönen; later versions of Ylönen’s SSH were proprietary software, offered bySSH Communications Security. OpenSSH was first released as part of the OpenBSDoperating system in 1999.
OpenSSH is not a single computer program, but rather a suite of programs that serve as alternatives to unencrypted network communication protocols like FTPand rlogin. Active development primarily takes place within the OpenBSD source tree. OpenSSH is integrated into the base system of several other BSD projects, while the portable version is available as a package in other Unix-like systems.
OpenSSH was created by the OpenBSD team as an alternative to the original SSH software by Tatu Ylönen, which is now proprietary software. Although source code is available for the original SSH, various restrictions are imposed on its use and distribution. OpenSSH was created as a fork of Björn Grönvall’s OSSH that itself was a fork of Tatu Ylönen’s original free SSH 1.2.12 release, which was the last one having a license suitable for forking. The OpenSSH developers claim that their application is more secure than the original, due to their policy of producing clean and auditedcode and because it is released under the BSD license, the open source license to which the word open in the name refers.
OpenSSH first appeared in OpenBSD 2.6. The first portable release was made in October 1999. Developments since then have included the addition of ciphers (e.g., chacha20–poly1305 in 6.5 of January 2014), cutting the dependency on OpenSSL (6.7, October 2014) and an extension to facilitate public key discovery and rotation for trusted hosts (for transition from DSA to Ed25519 public host keys, version 6.8 of March 2015).
The OpenSSH suite includes the following command-line utilities and daemons:
- ssh, a replacement for rlogin, rsh and telnet to allow shell access to a remote machine.
- scp, a replacement for rcp
- sftp, a replacement for ftp to copy files between computers
- sshd, the SSH server daemon
- ssh-keygen, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
- ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
- ssh-keyscan, which scans a list of hosts and collects their public keys