diff --git a/ports/openssh/build.sh b/ports/openssh/build.sh
new file mode 100755
index 00000000..67b7bc38
--- /dev/null
+++ b/ports/openssh/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash ../install.sh
+
+NAME='openssh'
+VERSION='10.0p1'
+DOWNLOAD_URL="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$VERSION.tar.gz#021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c"
+DEPENDENCIES=('zlib' 'openssl')
+CONFIG_SUB=('config.sub')
+MAKE_INSTALL_TARGETS=('install-nokeys')
+CONFIGURE_OPTIONS=(
+	'--sysconfdir=/etc'
+	'--sbindir=/usr/bin'
+	'CFLAGS=-Wno-deprecated-declarations'
+)
+
+post_configure() {
+	sed -i 's|#define HAVE_IFADDRS_H 1|/* #undef HAVE_IFADDRS_H */|' config.h || exit 1
+}
+
+post_install() {
+	passwd="$BANAN_SYSROOT/etc/passwd"
+	test "$(tail -c 1 "$passwd")" && echo >> $passwd
+	grep -q '^sshd:' "$passwd" || echo 'sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/bin/nologin' >> "$passwd"
+
+	group="$BANAN_SYSROOT/etc/group"
+	test "$(tail -c 1 "$group")" && echo >> $group
+	grep -q '^sshd:' "$group" || echo 'sshd:x:74:' >> "$group"
+}
diff --git a/ports/openssh/patches/0001-fix-includes.patch b/ports/openssh/patches/0001-fix-includes.patch
new file mode 100644
index 00000000..bd0c09a4
--- /dev/null
+++ b/ports/openssh/patches/0001-fix-includes.patch
@@ -0,0 +1,159 @@
+diff -ru openssh-10.0p1/defines.h openssh-10.0p1-banan_os/defines.h
+--- openssh-10.0p1/defines.h	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/defines.h	2025-08-16 20:14:26.349781317 +0300
+@@ -55,8 +55,6 @@
+ /*
+  * Definitions for IP type of service (ip_tos)
+  */
+-#include <netinet/in_systm.h>
+-#include <netinet/ip.h>
+ #ifndef IPTOS_LOWDELAY
+ # define IPTOS_LOWDELAY          0x10
+ # define IPTOS_THROUGHPUT        0x08
+diff -ru openssh-10.0p1/hostfile.c openssh-10.0p1-banan_os/hostfile.c
+--- openssh-10.0p1/hostfile.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/hostfile.c	2025-08-16 20:14:26.350235777 +0300
+@@ -44,7 +44,6 @@
+ #include <netinet/in.h>
+ 
+ #include <errno.h>
+-#include <resolv.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+diff -ru openssh-10.0p1/includes.h openssh-10.0p1-banan_os/includes.h
+--- openssh-10.0p1/includes.h	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/includes.h	2025-08-16 20:14:26.350610199 +0300
+@@ -112,7 +112,6 @@
+ #endif
+ 
+ #include <netinet/in.h>
+-#include <netinet/in_systm.h> /* For typedefs */
+ #ifdef HAVE_RPC_TYPES_H
+ # include <rpc/types.h> /* For INADDR_LOOPBACK */
+ #endif
+diff -ru openssh-10.0p1/misc.c openssh-10.0p1-banan_os/misc.c
+--- openssh-10.0p1/misc.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/misc.c	2025-08-16 20:16:09.651677904 +0300
+@@ -51,8 +51,6 @@
+ #include <unistd.h>
+ 
+ #include <netinet/in.h>
+-#include <netinet/in_systm.h>
+-#include <netinet/ip.h>
+ #include <netinet/tcp.h>
+ #include <arpa/inet.h>
+ 
+@@ -68,6 +66,9 @@
+ #ifdef SSH_TUN_OPENBSD
+ #include <net/if.h>
+ #endif
++#ifdef __banan_os__
++#include <grp.h>
++#endif
+ 
+ #include "xmalloc.h"
+ #include "misc.h"
+diff -ru openssh-10.0p1/openbsd-compat/getrrsetbyname.h openssh-10.0p1-banan_os/openbsd-compat/getrrsetbyname.h
+--- openssh-10.0p1/openbsd-compat/getrrsetbyname.h	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/getrrsetbyname.h	2025-08-16 20:14:26.351590289 +0300
+@@ -54,9 +54,7 @@
+ 
+ #include <sys/types.h>
+ #include <netinet/in.h>
+-#include <arpa/nameser.h>
+ #include <netdb.h>
+-#include <resolv.h>
+ 
+ #ifndef HFIXEDSZ
+ #define HFIXEDSZ 12
+diff -ru openssh-10.0p1/openbsd-compat/inet_ntop.c openssh-10.0p1-banan_os/openbsd-compat/inet_ntop.c
+--- openssh-10.0p1/openbsd-compat/inet_ntop.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/inet_ntop.c	2025-08-16 20:14:26.351822164 +0300
+@@ -26,7 +26,6 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <arpa/nameser.h>
+ #include <string.h>
+ #include <errno.h>
+ #include <stdio.h>
+diff -ru openssh-10.0p1/openbsd-compat/port-net.c openssh-10.0p1-banan_os/openbsd-compat/port-net.c
+--- openssh-10.0p1/openbsd-compat/port-net.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/port-net.c	2025-08-16 20:14:26.352077855 +0300
+@@ -21,7 +21,6 @@
+ 
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <netinet/ip.h>
+ 
+ #include <errno.h>
+ #include <fcntl.h>
+diff -ru openssh-10.0p1/packet.c openssh-10.0p1-banan_os/packet.c
+--- openssh-10.0p1/packet.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/packet.c	2025-08-16 20:14:26.352524144 +0300
+@@ -47,7 +47,6 @@
+ #endif
+ 
+ #include <netinet/in.h>
+-#include <netinet/ip.h>
+ #include <arpa/inet.h>
+ 
+ #include <errno.h>
+diff -ru openssh-10.0p1/readconf.c openssh-10.0p1-banan_os/readconf.c
+--- openssh-10.0p1/readconf.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/readconf.c	2025-08-16 20:14:26.353220466 +0300
+@@ -22,8 +22,6 @@
+ 
+ #include <net/if.h>
+ #include <netinet/in.h>
+-#include <netinet/in_systm.h>
+-#include <netinet/ip.h>
+ #include <arpa/inet.h>
+ 
+ #include <ctype.h>
+diff -ru openssh-10.0p1/regress/netcat.c openssh-10.0p1-banan_os/regress/netcat.c
+--- openssh-10.0p1/regress/netcat.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/regress/netcat.c	2025-08-16 20:14:26.354220461 +0300
+@@ -41,7 +41,6 @@
+ 
+ #include <netinet/in.h>
+ #include <netinet/tcp.h>
+-#include <netinet/ip.h>
+ 
+ #include <errno.h>
+ #include <fcntl.h>
+diff -ru openssh-10.0p1/servconf.c openssh-10.0p1-banan_os/servconf.c
+--- openssh-10.0p1/servconf.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/servconf.c	2025-08-16 20:14:26.355220456 +0300
+@@ -20,8 +20,6 @@
+ #endif
+ 
+ #include <netinet/in.h>
+-#include <netinet/in_systm.h>
+-#include <netinet/ip.h>
+ #ifdef HAVE_NET_ROUTE_H
+ #include <net/route.h>
+ #endif
+diff -ru openssh-10.0p1/sshbuf-misc.c openssh-10.0p1-banan_os/sshbuf-misc.c
+--- openssh-10.0p1/sshbuf-misc.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/sshbuf-misc.c	2025-08-16 20:14:26.355717380 +0300
+@@ -28,7 +28,6 @@
+ #include <stdio.h>
+ #include <limits.h>
+ #include <string.h>
+-#include <resolv.h>
+ #include <ctype.h>
+ #include <unistd.h>
+ 
+diff -ru openssh-10.0p1/sshkey.c openssh-10.0p1-banan_os/sshkey.c
+--- openssh-10.0p1/sshkey.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/sshkey.c	2025-08-16 20:14:26.356220450 +0300
+@@ -44,7 +44,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <resolv.h>
+ #include <time.h>
+ #ifdef HAVE_UTIL_H
+ #include <util.h>
diff --git a/ports/openssh/patches/0002-add-posix-style-openpty.patch b/ports/openssh/patches/0002-add-posix-style-openpty.patch
new file mode 100644
index 00000000..36debbd9
--- /dev/null
+++ b/ports/openssh/patches/0002-add-posix-style-openpty.patch
@@ -0,0 +1,30 @@
+diff -ru openssh-10.0p1/openbsd-compat/bsd-openpty.c openssh-10.0p1-banan_os/openbsd-compat/bsd-openpty.c
+--- openssh-10.0p1/openbsd-compat/bsd-openpty.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/bsd-openpty.c	2025-08-16 21:40:00.830440398 +0300
+@@ -192,6 +192,26 @@
+ 	}
+ 	return (0);
+ 
++#elif defined(__banan_os__)
++	/* POSIX-style pty code. */
++	if ((*amaster = posix_openpt(O_RDWR | O_NOCTTY)) == -1)
++		return (-1);
++	if (grantpt(*amaster) == -1)
++		return (-1);
++	if (unlockpt(*amaster) == -1)
++		return (-1);
++
++	const char* slavename = ptsname(*amaster);
++	if (slavename == NULL) {
++		close(*amaster);
++		return (-1);
++	}
++	if ((*aslave = open(slavename, O_RDWR | O_NOCTTY)) == -1) {
++		close(*amaster);
++		return (-1);
++	}
++	return (0);
++
+ #else
+ 	/* BSD-style pty code. */
+ 	char ptbuf[64], ttbuf[64];
diff --git a/ports/openssh/patches/0003-remove-dns-host-verification.patch b/ports/openssh/patches/0003-remove-dns-host-verification.patch
new file mode 100644
index 00000000..8f2d17fc
--- /dev/null
+++ b/ports/openssh/patches/0003-remove-dns-host-verification.patch
@@ -0,0 +1,27 @@
+diff -ru openssh-10.0p1/dns.c openssh-10.0p1-banan_os/dns.c
+--- openssh-10.0p1/dns.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/dns.c	2025-08-16 20:44:41.318879222 +0300
+@@ -220,6 +220,11 @@
+ 		return -1;
+ 	}
+ 
++#ifdef __banan_os__
++	debug("TODO: verify_host_key_dns");
++	return -1;
++#endif
++
+ 	result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
+ 	    DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+ 	if (result) {
+diff -ru openssh-10.0p1/openbsd-compat/getrrsetbyname.c openssh-10.0p1-banan_os/openbsd-compat/getrrsetbyname.c
+--- openssh-10.0p1/openbsd-compat/getrrsetbyname.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/getrrsetbyname.c	2025-08-16 20:39:16.773645998 +0300
+@@ -47,7 +47,7 @@
+ 
+ #include "includes.h"
+ 
+-#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS)
++#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) && !defined(__banan_os__)
+ 
+ #include <stdlib.h>
+ #include <string.h>
diff --git a/ports/openssh/patches/0004-bypass-password-authentication.patch b/ports/openssh/patches/0004-bypass-password-authentication.patch
new file mode 100644
index 00000000..4766d295
--- /dev/null
+++ b/ports/openssh/patches/0004-bypass-password-authentication.patch
@@ -0,0 +1,15 @@
+diff -ru openssh-10.0p1/auth-passwd.c openssh-10.0p1-banan_os/auth-passwd.c
+--- openssh-10.0p1/auth-passwd.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/auth-passwd.c	2025-08-16 21:36:13.372676511 +0300
+@@ -83,6 +83,11 @@
+ 	static int expire_checked = 0;
+ #endif
+ 
++#ifdef __banan_os__
++	debug_f("bypassing password auth on banan-os");
++	return 1;
++#endif
++
+ 	if (strlen(password) > MAX_PASSWORD_LEN)
+ 		return 0;
+ 
diff --git a/ports/openssh/patches/0005-disable-fd-passing.patch b/ports/openssh/patches/0005-disable-fd-passing.patch
new file mode 100644
index 00000000..1368d637
--- /dev/null
+++ b/ports/openssh/patches/0005-disable-fd-passing.patch
@@ -0,0 +1,12 @@
+diff -ru openssh-10.0p1/monitor_fdpass.c openssh-10.0p1-banan_os/monitor_fdpass.c
+--- openssh-10.0p1/monitor_fdpass.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/monitor_fdpass.c	2025-08-16 20:19:34.939538040 +0300
+@@ -51,7 +51,7 @@
+ int
+ mm_send_fd(int sock, int fd)
+ {
+-#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
++#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) && !defined(__banan_os__)
+ 	struct msghdr msg;
+ #ifndef HAVE_ACCRIGHTS_IN_MSGHDR
+ 	union {
diff --git a/ports/openssh/patches/0006-dont-require-maildir.patch b/ports/openssh/patches/0006-dont-require-maildir.patch
new file mode 100644
index 00000000..816af3c6
--- /dev/null
+++ b/ports/openssh/patches/0006-dont-require-maildir.patch
@@ -0,0 +1,17 @@
+diff -ru openssh-10.0p1/session.c openssh-10.0p1-banan_os/session.c
+--- openssh-10.0p1/session.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/session.c	2025-08-16 20:33:52.515584804 +0300
+@@ -1039,11 +1039,13 @@
+ # endif /* HAVE_CYGWIN */
+ #endif /* HAVE_LOGIN_CAP */
+ 
++#ifdef _PATH_MAILDIR
+ 	if (!options.use_pam) {
+ 		snprintf(buf, sizeof buf, "%.200s/%.50s",
+ 		    _PATH_MAILDIR, pw->pw_name);
+ 		child_set_env(&env, &envsize, "MAIL", buf);
+ 	}
++#endif
+ 
+ 	/* Normal systems set SHELL by default. */
+ 	child_set_env(&env, &envsize, "SHELL", shell);
diff --git a/ports/openssh/patches/0007-fix-definitions.patch b/ports/openssh/patches/0007-fix-definitions.patch
new file mode 100644
index 00000000..5a753f7a
--- /dev/null
+++ b/ports/openssh/patches/0007-fix-definitions.patch
@@ -0,0 +1,50 @@
+diff -ru openssh-10.0p1/openbsd-compat/bindresvport.c openssh-10.0p1-banan_os/openbsd-compat/bindresvport.c
+--- openssh-10.0p1/openbsd-compat/bindresvport.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/bindresvport.c	2025-08-16 20:17:45.611175439 +0300
+@@ -84,7 +84,7 @@
+ 		salen = sizeof(struct sockaddr_in6);
+ 		portp = &in6->sin6_port;
+ 	} else {
+-		errno = EPFNOSUPPORT;
++		errno = EAFNOSUPPORT;
+ 		return (-1);
+ 	}
+ 	sa->sa_family = af;
+diff -ru openssh-10.0p1/openbsd-compat/rresvport.c openssh-10.0p1-banan_os/openbsd-compat/rresvport.c
+--- openssh-10.0p1/openbsd-compat/rresvport.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/openbsd-compat/rresvport.c	2025-08-16 20:41:28.379888086 +0300
+@@ -76,7 +76,7 @@
+ 		portp = &((struct sockaddr_in6 *)sa)->sin6_port;
+ 		break;
+ 	default:
+-		errno = EPFNOSUPPORT;
++		errno = EAFNOSUPPORT;
+ 		return (-1);
+ 	}
+ 	sa->sa_family = af;
+diff -ru openssh-10.0p1/sftp.c openssh-10.0p1-banan_os/sftp.c
+--- openssh-10.0p1/sftp.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/sftp.c	2025-08-16 20:40:34.232198385 +0300
+@@ -70,6 +70,10 @@
+ #include "sftp-client.h"
+ #include "sftp-usergroup.h"
+ 
++#ifdef I_LINK
++# undef I_LINK
++#endif
++
+ /* File to read commands from */
+ FILE* infile;
+ 
+diff -ru openssh-10.0p1/sshconnect.c openssh-10.0p1-banan_os/sshconnect.c
+--- openssh-10.0p1/sshconnect.c	2025-04-09 10:02:43.000000000 +0300
++++ openssh-10.0p1-banan_os/sshconnect.c	2025-08-16 20:36:49.285681979 +0300
+@@ -605,7 +605,7 @@
+ 	switch (hostaddr->sa_family) {
+ 	case AF_INET:
+ 		return (ntohl(((struct sockaddr_in *)hostaddr)->
+-		    sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
++		    sin_addr.s_addr) >> 24) == 127;
+ 	case AF_INET6:
+ 		return IN6_IS_ADDR_LOOPBACK(
+ 		    &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));