OpenSSH is a free, open-source software suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which provides encrypted terminal connections between networked computers.
It is widely used for secure remote login, file transfers (using the SCP protocol), and creating secure tunnels for other network connections.
The latest release of OpenSSH 9.4 fixes 15 bugs across all its tools, including SSH, SSHD, SCP, SFTP, SSH Agent, SSH Keygen, and SSH Keyscan. More importantly, however, in this release are the few new capabilities it adds to your arsenal.
Unix Domain Sockets are a powerful inter-process communication mechanism in the same host operating system. These sockets allow processes to exchange data without the overhead of traditional network sockets.
So far, socket redirection is possible via SSH. This version, however, introduced the possibility to do this via the “-W” option, which accepts the “host:port” syntax.
Furthermore, OpenSSH 9.4 introduces support for configuration tags, providing a more organized and flexible way to manage SSH configurations. This adds a “Tag” directive and accompanying “Match tag” predicate for selecting configuration blocks.
On top of that, this release also adds a “match localnetwork” predicate, which allows for matching on the addresses of available network interfaces and can be used to change the effective client configuration depending on a network location.
Finally, be aware that OpenSSH 9.4 removes support for older versions of libcrypto, which their upstream vendors already deprecate. That means OpenSSH now requires LibreSSL >= v3.1.0 or OpenSSL >= v1.1.1.
For a complete list of changes, visit the release notes.
