OpenSSH 10.0, the latest release of this widely-used SSH client/server implementation, is now available. The release brings a number of changes, including better protections against possible attacks by future quantum computers.
OpenSSH 10.0 drops support for the weak DSA signature algorithm, which had already been deprecated for the past decade. The SSH daemon (SSHD) also moves the code responsible for the user-authentication phase of the protocol into a new “sshd-auth” binary to better segregate the pre-authentication attack surface.
On the security side, OpenSSH 10.0 also fixes the “DisableForwarding” directive, which turned out to be failing to disable X11 forwarding and agent forwarding as documented.
For better protections in a quantum computing world, OpenSSH 10.0 now uses the hybrid post-quantum algorithm mlkem768x25519-sha256 by default for key agreement. The mlkem768x25519-sha256 algorithm is currently deemed safe against possible attacks by quantum computers and is considered faster than the prior default.
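As an added example (not code from the OpenSSH project or the original article), the following Python sketch audits a server's effective configuration for the three changes described above: forwarding that relied on DisableForwarding alone, a key-exchange list that lacks mlkem768x25519-sha256, and DSA algorithms still being listed. It assumes input in the keyword/value format printed by `sshd -T`; the sample text is constructed and the function names are illustrative.

```python
# Constructed sample in the format printed by `sshd -T` (keyword, then value).
SAMPLE_SSHD_T = """\
port 22
disableforwarding yes
x11forwarding yes
allowagentforwarding yes
kexalgorithms curve25519-sha256,sntrup761x25519-sha512
hostkeyalgorithms ssh-ed25519,ssh-dss
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512
"""

PQ_KEX = "mlkem768x25519-sha256"   # default key agreement in OpenSSH 10.0
DSA_ALGS = {"ssh-dss", "ssh-dss-cert-v01@openssh.com"}

def parse_sshd_t(text):
    """Map each keyword to its list of values (some keywords repeat)."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg

def audit(cfg):
    """Return (keyword, message) findings for the 10.0-related checks."""
    first = lambda key: cfg.get(key, [""])[0]
    findings = []
    # Before 10.0, DisableForwarding did not turn off X11/agent forwarding,
    # so the specific directives must be set to "no" themselves.
    if first("disableforwarding") == "yes":
        for key in ("x11forwarding", "allowagentforwarding"):
            if first(key) == "yes":
                findings.append((key, "still yes; set to no explicitly"))
    if PQ_KEX not in first("kexalgorithms").split(","):
        findings.append(("kexalgorithms", f"{PQ_KEX} not offered"))
    for key in ("hostkeyalgorithms", "pubkeyacceptedalgorithms"):
        dsa = DSA_ALGS & set(first(key).split(","))
        if dsa:
            findings.append((key, "DSA listed: " + ",".join(sorted(dsa))))
    return findings

if __name__ == "__main__":
    for keyword, message in audit(parse_sshd_t(SAMPLE_SSHD_T)):
        print(f"{keyword}: {message}")
```

On a real host, the text passed to `parse_sshd_t` would be the captured output of `sshd -T` run with sufficient privileges to read the server configuration.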
OpenSSH 10.0 also adds a work-in-progress tool for verifying FIDO attestation blobs. The experimental tool can be found under regress/misc/ssh-verify-attestation for experimenting, but it is not installed by default.
More details on the many changes in today’s OpenSSH 10.0 release are available via the mailing list announcement, with downloads via OpenSSH.com.