
OpenSSH 10.4 adds composite post-quantum signature support & fixes several security issues
OpenSSH 10.4 is now available, bringing security improvements, bug fixes, and a couple of new features to this suite of secure networking tools. Among the notable additions, the release introduces experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519. This cryptographic feature is not enabled by default and requires manual configuration.
Alongside advancements in cryptography, OpenSSH 10.4 replaces its wildcard pattern matcher with a new implementation based on a non-deterministic finite automaton. This update prevents exponential worst-case performance scenarios seen in the previous design. Addressing several SFTP-related vulnerabilities, the update fixes an issue where a malicious SFTP server could cause files to be downloaded to unintended locations, as well as a scenario allowing file placement in the parent directory during cross-remote transfers. Internal-sftp now correctly processes long command lines, no longer discarding options after the ninth argument and avoiding silent omission of security-relevant settings.
Following these security improvements, the documentation now notes that GSSAPIStrictAcceptorCheck is ineffective when joined to a Windows Active Directory domain. The release also resolves issues in configuration precedence between DisableForwarding and PermitTunnel, addresses potential pre-authentication denial of service attacks linked to GSSAPI, enforces authentication delay, and fixes a possible client-side use-after-free in server key reexchange.


