diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest
index 570a72c142..40dccfe452 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest
@@ -1,2 +1,2 @@
-DIST openssh-9.4p1.tar.gz 1845094 BLAKE2B d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53 SHA512 0aaedeced7dbc70419c7245eb0e9db4ef570e0e7739b890ebae04d56da5fe8d147e8e150f3c943f60730976569e3ac6cc8da62ec7e2a78e2ef47d295ca0b1d25
-DIST openssh-9.4p1.tar.gz.asc 833 BLAKE2B 95eedd9356766e5d0ea1261da3dc4c7869f054b418c626fb35815a0aa655b1ddbf54436b437d98c4344b05c9196c8fa1f592eac07b3ccf08bd3e980f8b6955af SHA512 983b4ebaa3b98e70831ce686cb503270926c065163a2510eef0c5102ef50b6e665b889ee15ea8c0bd7c4bbddb19270f036e1d554a8212ef2c292f9c682c8631a
+DIST openssh-9.5p1.tar.gz 1843001 BLAKE2B 55dbb0a2792b0046c943a19ca0966660e6e378e77856e94823a1bbbafaa0da94357403765c4c028aebf6543049a0f9bbe0019629be3f92cdadfac1be56def796 SHA512 e183fdf7477fd986215b889eea4a945d71385e35305746ccb164e757ecc28166f429c70890a237d8ef4cdcae5132935ba2ecb3b2a658eb73a6afcf6f42277b9c
+DIST openssh-9.5p1.tar.gz.asc 833 BLAKE2B abec3d14d9a880008db202be00ed446ccc0a98ce77c16a9e6d6492feac07c8f3284f9cd24f6ee1d904a55f9f23d5cce8a716916975c179a38ef6bde1d36e0acf SHA512 2b6de653420ba02eb99c7e6fba09af3bacfe9c701f3dfc3c94f41a3539c0414954fc5c64cce63c488c5ccd5d4ddb42d3f2184ff7f323342c885c47bf7d426ca1
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.3_p2-zlib-1.3.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.3_p2-zlib-1.3.patch
deleted file mode 100644
index f1336bbe03..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.3_p2-zlib-1.3.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://bugs.gentoo.org/912766
-https://github.com/openssh/openssh-portable/commit/cb4ed12ffc332d1f72d054ed92655b5f1c38f621
-
-From cb4ed12ffc332d1f72d054ed92655b5f1c38f621 Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Sat, 19 Aug 2023 07:39:08 +1000
-Subject: [PATCH] Fix zlib version check for 1.3 and future version.
-
-bz#3604.
---- a/configure.ac
-+++ b/configure.ac
-@@ -1464,7 +1464,7 @@ else
- 	[[
- 	int a=0, b=0, c=0, d=0, n, v;
- 	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
--	if (n != 3 && n != 4)
-+	if (n < 1)
- 		exit(1);
- 	v = a*1000000 + b*10000 + c*100 + d;
- 	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
-
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.4_p1.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.5_p1.ebuild
similarity index 88%
rename from sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.4_p1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.5_p1.ebuild
index baac0b9956..ec36f34457 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.4_p1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.5_p1.ebuild
@@ -86,7 +86,6 @@ PATCHES=(
 	"${FILESDIR}/${PN}-9.3_p1-disable-conch-interop-tests.patch"
 	"${FILESDIR}/${PN}-9.3_p1-fix-putty-tests.patch"
 	"${FILESDIR}/${PN}-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch"
-	"${FILESDIR}/${PN}-9.3_p2-zlib-1.3.patch" #912766
 )
 
 pkg_pretend() {
@@ -229,37 +228,6 @@ src_test() {
 	emake -j1 "${tests[@]}" </dev/null
 }
 
-insert_include() {
-	local src_config="${1}" options="${2}" includedir="${3}"
-	local name copy regexp_options regexp lineno comment_options
-
-	name=${src_config##*/}
-	copy="${T}/${name}"
-	cp -a "${src_config}" "${copy}" || die
-
-	# Catch "Option ", "#Option " or "# Option ".
-	regexp_options=${options//,/'\|'}
-	regexp='^[[:space:]]*#\?[[:space:]]*\('"${regexp_options}"'\)[[:space:]]'
-	lineno=$(set -o pipefail; grep -ne "${regexp}" -m 1 "${copy}" | cut -d : -f 1 || die)
-	# We have found a first line with the option, now find a first
-	# non-comment line just above the comments of the option. The
-	# lineno - 2 is here to ignore the line just above the option
-	# in case the comment block is separated by an empty line.
-	lineno=$(set -o pipefail; head -n $((lineno - 2)) "${copy}" | grep -ne '^[[:space:]]*\([^#]\|$\)' | tail -n 1 | cut -d : -f 1 || die)
-
-	comment_options=${options//,/ or }
-	{
-		head -n "${lineno}" "${copy}" || die
-		cat <<-EOF || die
-		# Make sure that all ${comment_options} options are below this Include!
-		Include "${EPREFIX}/${includedir}/*.conf"
-
-		EOF
-		tail -n "+${lineno}" "${copy}" || die
-	} >"${src_config}"
-	rm -f "${copy}" || die
-}
-
 # Gentoo tweaks to default config files.
 tweak_ssh_configs() {
 	local locale_vars=(
@@ -273,9 +241,12 @@ tweak_ssh_configs() {
 	)
 
 	dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
-
-	insert_include "${ED}"/etc/ssh/ssh_config 'Host,Match' '/etc/ssh/ssh_config.d'
-	insert_include "${ED}"/etc/ssh/sshd_config 'Match' '/etc/ssh/sshd_config.d'
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
+	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
+	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
+	EOF
 
 	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
 	# Send locale environment variables (bug #367017)
@@ -294,10 +265,6 @@ tweak_ssh_configs() {
 	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
 	EOF
 
-	# Move sshd's Subsystem option to a drop-in file.
-	grep -ie 'subsystem' "${ED}"/etc/ssh/sshd_config >"${ED}"/etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf || die
-	sed -i -e '/[Ss]ubsystem/d' "${ED}"/etc/ssh/sshd_config
-
 	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
 	# Allow client to pass locale environment variables (bug #367017)
 	AcceptEnv ${locale_vars[*]}
@@ -323,10 +290,6 @@ tweak_ssh_configs() {
 		PermitRootLogin Yes
 		EOF
 	fi
-
-	local sshd_drop_ins=("${ED}"/etc/ssh/sshd_config.d/*.conf)
-	fperms 0700 /etc/ssh/sshd_config.d
-	fperms 0600 "${sshd_drop_ins[@]#${ED}}"
 }
 
 src_install() {