OpenSSH 10.4 Patches Multiple Security Issues in SSH, SCP, and SFTP

OpenSSH 10.4 is now available with fixes for sftp, scp, and sshd, plus experimental support for ML-DSA 44 and Ed25519 composite signatures.

OpenSSH 10.4 is now available, providing security fixes, stricter protocol handling, and initial support for post-quantum cryptography. One fix addresses an sftp issue where a malicious server could cause files to be downloaded to unintended locations when using commands like “sftp host:/path .”.

A related fix lands in scp, where OpenSSH now prevents a malicious server from writing files to the parent directory of the intended target directory when copying files between two remote destinations.

Another security fix concerns sshd’s internal-sftp implementation. This is not the default SFTP server, but when used, long command lines were previously truncated silently after the ninth argument. That could become security-relevant if an important option appeared as the tenth argument or later, because it would simply be discarded.

OpenSSH 10.4 also resolves a potential pre-authentication denial-of-service issue in sshd when GSSAPIAuthentication is enabled. Although this feature is disabled by default, the fix is important for environments using GSSAPI-based authentication.

On top of that, the release fixes several cases where sshd did not enforce the minimum authentication delay as intended, and it resolves a possible client-side use-after-free in ssh if a server changes its host key during a key re-exchange.

In addition to security fixes, OpenSSH 10.4 enforces stricter SSH transport protocol behavior. Now, ssh and sshd will disconnect peers that send non-key-exchange messages during post-authentication key re-exchange.

Previously, malicious peers could send these messages without penalty, leading to memory waste. Keep in mind that non-compliant SSH implementations that do not restrict messages during key exchange may now be disconnected.

There are also a couple of potentially incompatible changes worth noting for administrators. First, “sshd -G,” which dumps the effective server configuration, now prints directive names in mixed case, such as “PubkeyAuthentication,” instead of using only lowercase names. This may affect scripts that parse its output.

Second, on Linux systems using the seccomp sandbox, failures to enable SECCOMP or NO_NEW_PRIVS are now fatal. Previously, sshd would log the error and continue running. Systems without these features should now disable the sandbox at configure time.

Feature-wise, the most interesting addition in OpenSSH 10.4 is experimental support for a composite post-quantum signature scheme combining ML-DSA 44 and Ed25519. However, this is not enabled by default. Users who want to test it must explicitly add it to options such as HostKeyAlgorithms or PubkeyAcceptedAlgorithms.

OpenSSH has also replaced its wildcard pattern matcher with a non-deterministic finite automaton implementation, which avoids the exponential worst-case behavior of the previous matcher.

As expected, the release includes a long list of bug fixes. These include fixes for ssh-agent extension queries, better handling of unsupported FIDO resident key types, stricter validation of transport state passed between sshd privilege separation subprocesses, fixes for sftp out-of-bounds reads, and improvements around invalid cipher or MAC lists in configuration files.

Additional changes address crashes, memory leaks, configuration parsing, X11 channel handling, PKCS#11 host key handling, and various portability updates.

For additional details, see the release notes.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Leave a Reply

Your email address will not be published. Required fields are marked *