The OpenSSH project, developed and maintained under the OpenBSD umbrella, announced the release of OpenSSH 10.2, a maintenance update now available for download from the project’s official mirrors.
The main fix addresses a problem that made SSH sessions unusable when ControlPersist was enabled. This feature, which keeps a master connection open for faster reuse, was mismanaging terminal connections in version 10.1. The bug left users unable to interact with remote sessions properly.
OpenSSH 10.2 also includes updates to ssh-keygen, fixing two issues: one that prevented proper key download from PKCS#11 tokens, and another that caused errors during CA signing operations when the certificate authority key was stored in ssh-agent.
On the portability side, this release improves compatibility with systems that don’t support mmap, such as WebAssembly (WASM) environments like HTerm. The team also fixed missing headers for FreeBSD, improved support for older macOS versions lacking clock_gettime, and resolved a potential hang in sshd when dealing with unknown hostnames in certain PAM configurations.
Alongside these fixes, the developers issued an early deprecation notice: support for SHA1 SSHFP records will be removed in a future release. Due to known weaknesses in SHA1, future versions will ignore these records entirely and rely on SHA256, which has been supported since OpenSSH 6.1 (released back in 2012).
For more information, see the changelog.
