OpenSSH 10.0 Released
a year ago
- #Security
- #OpenSSH
- #Networking
- OpenSSH 10.0 has been released. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
- Key changes include the removal of support for the weak DSA signature algorithm and the disabling of finite field Diffie-Hellman key exchange in sshd by default.
- Security fixes include a patch for the DisableForwarding directive in sshd, which previously failed to disable X11 and agent forwarding as documented.
- New features include the default use of the hybrid post-quantum algorithm mlkem768x25519-sha256 for key agreement and preference for AES-GCM over AES-CTR mode in cipher selection.
- Bugfixes address issues such as NULL dereference bugs in sftp and ssh, incorrect logging of user-specific delays in sshd, and integer overflow in X11 port handling.
- Portability improvements include support for AWS-LC, Y2038 safe wtmp replacement, and memory locking for sshd on Linux.
- The release also includes checksums for verification and encourages bug reports via the OpenSSH website.
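
One way to check a server against the changes listed above, as an added example (not code from the OpenSSH project): it parses the effective configuration in the format printed by `sshd -T` and flags finite-field Diffie-Hellman, a missing mlkem768x25519-sha256, AES-CTR ordered ahead of AES-GCM, DSA, and forwarding options left on beside `DisableForwarding yes`. The sample input is constructed, and the function names are assumptions of this example.

```python
# Added example: audit `sshd -T` style output against the OpenSSH 10.0 changes.
SAMPLE_SSHD_T = """\
disableforwarding yes
x11forwarding yes
allowagentforwarding yes
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256
ciphers aes128-ctr,aes256-ctr,aes128-gcm@openssh.com
hostkeyalgorithms ssh-ed25519,ssh-dss
"""  # constructed sample, not captured from a real host

def parse(text):
    """Map each lowercase keyword from `sshd -T` to its value string."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key] = value.strip()
    return cfg

def _list(cfg, key):
    """Split a comma-separated algorithm list; a missing key gives []."""
    return [v for v in cfg.get(key, "").split(",") if v]

def audit(text):
    """Return a list of findings (strings); empty means nothing flagged."""
    cfg, findings = parse(text), []
    kex = _list(cfg, "kexalgorithms")
    ciphers = _list(cfg, "ciphers")
    ff = [k for k in kex if k.startswith("diffie-hellman-group")]
    if ff:
        findings.append("finite-field DH enabled: " + ",".join(ff))
    if "mlkem768x25519-sha256" not in kex:
        findings.append("mlkem768x25519-sha256 not offered")
    gcm = [i for i, c in enumerate(ciphers) if "-gcm@" in c]
    ctr = [i for i, c in enumerate(ciphers) if c.endswith("-ctr")]
    if ctr and (not gcm or min(ctr) < min(gcm)):
        findings.append("AES-CTR preferred over AES-GCM")
    for key in ("hostkeyalgorithms", "pubkeyacceptedalgorithms"):
        if "ssh-dss" in _list(cfg, key):
            findings.append("DSA (ssh-dss) listed in " + key)
    # Before 10.0, DisableForwarding did not turn these two off by itself.
    if cfg.get("disableforwarding") == "yes":
        for key in ("x11forwarding", "allowagentforwarding"):
            if cfg.get(key) == "yes":
                findings.append(key + " is yes despite DisableForwarding")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_T):
        print("WARN", finding)
```

On a real host, feed it the output of `sshd -T` run as root instead of the sample string.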