OpenSSH-GUI is designed with security as a core principle. We take vulnerabilities seriously and aim to handle responsible disclosures transparently.
- Go to Security Tab
- Click "Report a vulnerability"
- Submit details via private form
Send to: frequency403@noreply.github.com
Include:
- Affected version(s)
- Steps to reproduce
- Potential impact
- Suggested fix (if known)
Response Timeline:
| Severity | Initial Response | ETA for Fix |
|---|---|---|
| π΄ Critical | Within 48 hours | ASAP (hotfix) |
| π High | Within 7 days | 1-2 weeks |
| π‘ Medium | Within 14 days | Next release |
| π’ Low | Within 30 days | Scheduled |
Does:
- Manage SSH keys stored locally on your machine
- Parse key metadata without transmitting data
- Integrate with system SSH agent (ssh-agent/agent)
Does NOT:
- Store keys in cloud/storage servers
- Transmit keys or credentials over network
- Replace OpenSSH security model
- Handle SSH server-side security
Scope:
This tool operates on the client side only. Network-level SSH security remains governed by the underlying OpenSSH implementation.
Stay informed by:
- Watching the Releases page
- Enabling dependency updates (Dependabot enabled)
- Following GitHub notifications
- Keep OpenSSH-GUI updated β Security patches are released regularly
- Verify checksums β Download releases from official GitHub Releases only
- Use strong passphrases β GUI doesn't weaken key encryption
- Audit installed keys β Regularly review authorized_keys/known_hosts
Security researchers who responsibly disclose vulnerabilities will be credited in release notes (unless anonymity requested).
Thank you for helping keep OpenSSH-GUI secure!