OpenSSH
OpenSSH
8.4

5.0

OpenSSH free download for Mac

OpenSSH8.4

28 September 2020

SSH protocol connectivity tools.

Overview

OpenSSH is a free version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Note: While the software is classified as free, it is actually donationware. Please consider making a donation to help support development.

What's new in OpenSSH

Version 8.4:
Security:
  • ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys.
  • When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently public key authentication and sshsig signatures).
  • This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too.
  • Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the "ssh:" prefix in the application string that we require.
  • ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating a FIDO resident key.
  • The recent FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect" feature to better protect resident keys. We use this option to require a PIN prior to all operations that may retrieve a resident key from a FIDO token.
Potentially-incompatible changes:
  • This release includes a number of changes that may affect existing configurations:
  • For FIDO/U2F support, OpenSSH recommends the use of libfido2 1.5.0 or greater. Older libraries have limited support at the expense of disabling particular features. These include resident keys, PIN-required keys and multiple attached tokens.
  • ssh-keygen(1): the format of the attestation information optionally recorded when a FIDO key is generated has changed. It now includes the authenticator data needed to validate attestation signatures.
  • The API between OpenSSH and the FIDO token middleware has changed and the SSH_SK_VERSION_MAJOR version has been incremented as a result. Third-party middleware libraries must support the current API version (7) to work with OpenSSH 8.4.
  • The portable OpenSSH distribution now requires automake to rebuild the configure script and supporting files. This is not required when simply building portable OpenSSH from a release tar file.

Related articles

Join over 500,000 subscribers.

Subscribe for our newsletter with best Mac offers from MacUpdate.

How would you rate OpenSSH app?

5 Reviews of OpenSSH

outer
22 April 2012
Version: 6.0

Most helpful

Does this coëxist with or overwrite Apple's implementation? If it overwrites, how can I know whether it will mess up other parts of my Apple-provided infrastructure?
(2)
outer
22 April 2012
Version: 6.0
Does this coëxist with or overwrite Apple's implementation? If it overwrites, how can I know whether it will mess up other parts of my Apple-provided infrastructure?
(2)
Show comment (1)
Mac2048
19 November 2006
Version: 4.5
I can't install OpenSSH 4.5 because it looks like the Makefile has a syntax error on line 3. It doesn't seem to like ".include" but it's happy with simply "include" without the dot. If I make that change then it gets a similar syntax error down in /usr/share/mk/bsd.own.mk (due to ".if" vs. "if"). I don't want to touch that file. The original error is: Makefile:3: *** missing separator. Stop. MacOS 10.2.8 (old, I know, which is why I want to upgrade ssh), /usr/bin/make is GNU Make version 3.79 Has anybody run into this?
(2)
Show comments (2)
1
Anonymous
28 July 2001
Version: 2.5.2
Download is unusable when clicked. "File does not appear to be compressed or encoded. Obtain further information about the contents of this file from the sender or provider of the file." Thanks a lot. Me, bitter? Disappointed? An utter waste of download time!
(0)
4.5
Anonymous
28 March 2001
Version: 2.5.2
err. ok. so it worked flawlessly today. whatever. It works like it should
(0)
2.25
Anonymous
26 March 2001
Version: 2.5.2
unfortunately, wouldn't let the installation complete..and yes I did go through the whole process of typing in the admin password, trying three times, etc it also reset some of my preferences in the process. &^%$@^%!
(0)
Free

5.0

App requirements: 
  • Intel 64
  • Intel 32
  • PPC 64
  • Mac OS X 10.1.5 or later
License: 
FreeAbsolutely Free

Downloaded & Installed 66,459 times

Similar apps
ProxyCap
ProxyCap
Tunnel applications through proxy and SSH servers.
Is this app is similar to ProxyCap? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes
SSH Proxy
SSH Proxy
Turn various remote SSH servers into SOCKS v5 proxies.
Is this app is similar to SSH Proxy? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes
SSH Tunnel
SSH Tunnel
Manage and control your SSH tunnels.
Is this app is similar to SSH Tunnel? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes
SSH Shell
SSH Shell
Secure one-click log-in.
Is this app is similar to SSH Shell? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes
Core Tunnel
Core Tunnel
Missing tunnel manager.
Is this app is similar to Core Tunnel? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes