openssh-client - secure shell (SSH) client, for secure access to remote machines

Distribution: Debian 7 (Wheezy)
Repository: Debian Main amd64
Package name: openssh-client
Package version: 6.0p1
Package release: 4+deb7u4
Package architecture: amd64
Package type: deb
Installed size: 2.28 KB
Download size: 1001.20 KB
Official Mirror:
This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel. This package provides the ssh, scp and sftp clients, the ssh-agent and ssh-add programs to make public key authentication more convenient, and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities. In some countries it may be illegal to use any encryption at all without a special permit. ssh replaces the insecure rsh, rcp and rlogin programs, which are obsolete for most purposes.



  • rsh-client
  • ssh-client


  • rsh-client << 0.16.1-1
  • sftp
  • ssh << 1:3.8.1p1-9
  • ssh-krb5 << 1:4.3p2-7


  • ssh
  • ssh-krb5


    Source package: openssh

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install openssh-client deb package:
      # sudo apt-get install openssh-client


    • /etc/ssh/moduli
    • /etc/ssh/ssh_config
    • /usr/bin/scp
    • /usr/bin/sftp
    • /usr/bin/slogin
    • /usr/bin/ssh
    • /usr/bin/ssh-add
    • /usr/bin/ssh-agent
    • /usr/bin/ssh-argv0
    • /usr/bin/ssh-copy-id
    • /usr/bin/ssh-keygen
    • /usr/bin/ssh-keyscan
    • /usr/bin/ssh-vulnkey
    • /usr/lib/openssh/ssh-keysign
    • /usr/lib/openssh/ssh-pkcs11-helper
    • /usr/share/doc/openssh-client/ChangeLog.gssapi
    • /usr/share/doc/openssh-client/NEWS.Debian.gz
    • /usr/share/doc/openssh-client/OVERVIEW.gz
    • /usr/share/doc/openssh-client/README
    • /usr/share/doc/openssh-client/README.Debian.gz
    • /usr/share/doc/openssh-client/README.compromised-keys.gz
    • /usr/share/doc/openssh-client/README.dns
    • /usr/share/doc/openssh-client/README.tun.gz
    • /usr/share/doc/openssh-client/changelog.Debian.gz
    • /usr/share/doc/openssh-client/changelog.gz
    • /usr/share/doc/openssh-client/copyright
    • /usr/share/doc/openssh-client/faq.html
    • /usr/share/lintian/overrides/openssh-client
    • /usr/share/man/man1/scp.1.gz
    • /usr/share/man/man1/sftp.1.gz
    • /usr/share/man/man1/slogin.1.gz
    • /usr/share/man/man1/ssh-add.1.gz
    • /usr/share/man/man1/ssh-agent.1.gz
    • /usr/share/man/man1/ssh-argv0.1.gz
    • /usr/share/man/man1/ssh-copy-id.1.gz
    • /usr/share/man/man1/ssh-keygen.1.gz
    • /usr/share/man/man1/ssh-keyscan.1.gz
    • /usr/share/man/man1/ssh-vulnkey.1.gz
    • /usr/share/man/man1/ssh.1.gz
    • /usr/share/man/man5/moduli.5.gz
    • /usr/share/man/man5/ssh_config.5.gz
    • /usr/share/man/man8/ssh-keysign.8.gz
    • /usr/share/man/man8/ssh-pkcs11-helper.8.gz


    2016-04-14 - Salvatore Bonaccorso <> openssh (1:6.0p1-4+deb7u4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

    2016-01-13 - Yves-Alexis Perez <> openssh (1:6.0p1-4+deb7u3) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Disable roaming in openssh client: roaming code is vulnerable to an information leak (CVE-2016-0777) and heap-based buffer overflow (CVE-2016-0778).

    2014-06-28 - Colin Watson <> openssh (1:6.0p1-4+deb7u2) stable; urgency=medium * Restore patch to disable OpenSSL version check (closes: #749472).

    2014-04-03 - Colin Watson <> openssh (1:6.0p1-4+deb7u1) stable-security; urgency=high * CVE-2014-2532: Disallow invalid characters in environment variable names to prevent bypassing AcceptEnv wildcard restrictions. * CVE-2014-2653: Attempt SSHFP lookup even if server presents a certificate (closes: #742513).

    2013-02-08 - Colin Watson <> openssh (1:6.0p1-4) unstable; urgency=low * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups to 10:30:100 (closes: #700102).

    2012-08-24 - Colin Watson <> openssh (1:6.0p1-3) unstable; urgency=low * debconf template translations: - Add Indonesian (thanks, Andika Triwidada; closes: #681670). * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some SELinux policies require this (closes: #658675). * Add ncurses-term to openssh-server's Recommends, since it's often needed to support unusual terminal emulators on clients (closes: #675362).

    2012-06-24 - Colin Watson <> openssh (1:6.0p1-2) unstable; urgency=low * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current "fix" version at build time (closes: #678661).

    2012-05-26 - Colin Watson <> openssh (1:6.0p1-1) unstable; urgency=low [ Roger Leigh ] * Display dynamic part of MOTD from /run/motd.dynamic, if it exists (closes: #669699). [ Colin Watson ] * Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes: #669667). * New upstream release (closes: #671010, - Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections (closes: #643312, #650512, #671075). - Add a new privilege separation sandbox implementation for Linux's new seccomp sandbox, automatically enabled on platforms that support it. (Note: privilege separation sandboxing is still experimental.) * Fix a bashism in configure's seccomp_filter check. * Add a sandbox fallback mechanism, so that behaviour on Linux depends on whether the running system's kernel has seccomp_filter support, not the build system's kernel (forwarded upstream as

    2012-04-02 - Colin Watson <> openssh (1:5.9p1-5) unstable; urgency=low * Use dpkg-buildflags, including for hardening support; drop use of hardening-includes. * Fix cross-building: - Allow using a cross-architecture pkg-config. - Pass default LDFLAGS to contrib/Makefile. - Allow dh_strip to strip gnome-ssh-askpass, rather than calling 'install -s'.

    2012-03-19 - Colin Watson <> openssh (1:5.9p1-4) unstable; urgency=low * Disable OpenSSL version check again, as its SONAME is sufficient nowadays (closes: #664383).