OpenSSH 10.0 released

Date:
Wed, 09 Apr 2025 13:18:50 +0000

Description:
OpenSSH
10.0 has been released. Support for the DSA signature algorithm,
which was disabled by default beginning in 2015, has been
removed. Other notable changes include using the post-quantum algorithm mlkem768x25519-sha256 for key agreement by default, support for systemd-style socket
activation in Portable OpenSSH , and moving code for user
authentication from the sshd-session binary to the new ssh-auth binary: Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after the authentication phase completes. This change
should be largely invisible to users, though some log messages may now
come from "sshd-auth" instead of "sshd-session". Downstream
distributors of OpenSSH will need to package the sshd-auth binary. The
release notes also warn that " software that naively matches
versions using patterns like "OpenSSH_1*" " may be confused by the
new version number.

======================================================================
Link to news story:
https://lwn.net/Articles/1016924/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)