The OpenSSH project, developed and maintained under the OpenBSD umbrella, announced the release of OpenSSH 10, a widely adopted secure toolset for remote login and file transfer over encrypted connections. It is now available for download on its official mirrors.
One of the most significant shifts in this new version is removing support for the weak DSA signature algorithm. Although DSA was already disabled by default back in 2015—and administrators have been repeatedly alerted to its impending retirement—the project has now completed its phase-out.
Furthermore, the OpenSSH developers have announced a few other potentially disruptive adjustments. For example, scp and sftp now pass “ControlMaster no” to SSH by default, which prevents unexpected implicit session creation. While many users will appreciate this clarity in connection handling, others relying on auto-multiplexing might want to double-check their configurations.
Another interesting twist is the version jump to OpenSSH 10, which might puzzle software that naively identifies OpenSSH releases using patterns like “OpenSSH_1*.” Administrators and developers relying on custom scripts or version-matching patterns are encouraged to verify that their systems gracefully handle this updated naming convention.
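As an added illustration (not code from the OpenSSH project or the article), the following Python shows why a glob like “OpenSSH_1*” spuriously matches every 10.x banner and why plain string comparison sorts 10.0 below 9.9, alongside a numeric version parser that handles the boundary correctly. The banner strings are constructed samples.

```python
import re
from fnmatch import fnmatch

# Constructed sample identification strings, in the shape a server sends them.
BANNERS = [
    "SSH-2.0-OpenSSH_9.9p1 Debian-3",
    "SSH-2.0-OpenSSH_10.0",
    "SSH-2.0-OpenSSH_10.0p2 Ubuntu-1ubuntu1",
]

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def naive_is_legacy(banner: str) -> bool:
    """The brittle check the article warns about: a glob meant for the 1.x
    series also matches every 10.x release, because '1*' is a prefix match."""
    software = banner.split("-", 2)[-1]  # strip the 'SSH-2.0-' prefix
    return fnmatch(software, "OpenSSH_1*")


def string_compare_says_older(banner: str, reference: str) -> bool:
    """Lexical comparison: 'OpenSSH_10.0' < 'OpenSSH_9.9' because '1' < '9'."""
    return banner.split("-", 2)[-1] < reference


def parse_openssh_version(banner: str) -> tuple[int, int, int]:
    """Return (major, minor, patchlevel) from an OpenSSH identification string.
    A missing 'pN' suffix is treated as patch level 0."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSH banner: {banner!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def at_least(banner: str, minimum: tuple[int, int, int]) -> bool:
    """Numeric comparison that stays correct across the 9.x -> 10.0 boundary."""
    return parse_openssh_version(banner) >= minimum


if __name__ == "__main__":
    for b in BANNERS:
        print(b, parse_openssh_version(b),
              "glob-matches-1x:", naive_is_legacy(b),
              "string-says-older-than-9.9:", string_compare_says_older(b, "OpenSSH_9.9"),
              "is-10.0-or-later:", at_least(b, (10, 0, 0)))
```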
On the server side, there is a major structural change in sshd: user authentication code has been moved from the per-connection sshd-session binary to a dedicated sshd-auth binary. According to the maintainers, this improves security by keeping the pre-authentication attack surface separate from the rest of the SSH session process.
Additionally, finite field Diffie-Hellman (modp) key exchange is disabled by default in sshd. Since elliptic-curve-based methods have been standard for quite a while and perform substantially better at comparable security levels, the maintainers felt the time was ripe to make ECDH the go-to algorithm.
Although the most eye-catching modifications revolve around removing weaker algorithms and streamlining the authentication binaries, OpenSSH 10 also arrives with various functional improvements and bug fixes. On the new features side, it is worth noting the following:
- Hybrid Post-Quantum Key Exchange: A standout addition is the mlkem768x25519-sha256 algorithm, which is now the default for key agreement. It combines protection against potential quantum computer attacks with speed and robust security, offering a future-proof alternative to standard elliptic-curve algorithms.
- Cipher Preference Updates: OpenSSH 10.0 prefers AES-GCM over AES-CTR when deciding on a cipher for connections, although ChaCha20/Poly1305 remains at the top of the list for performance and reliability.
- Configuration Enhancements: Users can now employ %-token and environment variable expansion in several ssh_config directives (e.g., SetEnv, User), enabling more flexible setups. Meanwhile, additional Match rules allow for granular control based on the local OpenSSH version (Match version) or session type (shell, exec, subsystem, or none).
- Additional Options and QoL Changes: From new pattern-matching capabilities in sshd_config (AuthorizedKeysFile and AuthorizedPrincipalsFile) to more sophisticated control over FIDO token behavior in ssh-agent, this release streamlines numerous workflows for both administrators and power users.
Last but not least, several bug fixes also make their way into this release. Among these are improvements to the ObscureKeystrokeTiming mitigation for X11 forwarding, better handling of large sshd configuration files, and more robust fallback behavior for Diffie-Hellman Group Exchange. Additionally, minor corner cases in sftp and ssh have been addressed.
Check out the release notes for detailed information about all changes in OpenSSH 10.