OpenSSH 10.0 released with DSA removal, enhanced user auth, and post-quantum security

OpenSSH 10.0 has been released, marking significant updates to this widely-utilized SSH client/server implementation. A key change in this release is the removal of support for the DSA signature algorithm, finalizing its deprecation process that started in 2015 when DSA was first disabled by default.

The update introduces a structural change to the SSH daemon (sshd) by moving the user authentication phase code from the per-connection sshd-session binary to a new sshd-auth binary. This separation ensures that the pre-authentication attack surface operates in a distinct address space from the rest of the connection, while also providing a slight runtime memory optimization by unloading the authentication code post-authentication.

Additionally, the release addresses a bug in the DisableForwarding directive, which previously failed to disable X11 and agent forwarding. By default, X11 forwarding is disabled on the server, and agent forwarding is off on the client. In terms of security, OpenSSH 10.0 adopts the hybrid post-quantum algorithm mlkem768x25519-sha256 as the default for key agreement. This algorithm is designed to be resistant to quantum computer attacks, matches the strength of the curve25519-sha256 algorithm, and offers improved performance.

The release also introduces a preliminary tool to verify FIDO attestation blobs, which can be optionally generated by ssh-keygen during FIDO key enrollment. OpenSSH 10.0 includes various other enhancements and bug fixes, further refining the software.