Cybersecurity & Protection

OpenSSH 10.4: Security Fixes and First Post-Quantum Signatures

Jul 8, 2026 3 min read
All articles

OpenSSH 10.4 is out, bringing a focused set of security fixes across SSH, SCP, and SFTP components, tighter protocol enforcement, and a notable first: experimental support for hybrid post-quantum signatures.

Security Fixes for SSH, SCP, and SFTP

Several security issues have been addressed in this release. A malicious SFTP server could, under certain conditions, redirect downloads to an unintended location. When copying files between two remote systems with scp, a compromised server could place files outside the intended target directory. OpenSSH 10.4 closes both issues.

The internal SFTP server (internal-sftp) had a silent argument-dropping bug: on long command lines, any argument beyond the tenth position was quietly discarded, meaning security-relevant options at those positions were simply ignored.

The SSH daemon sshd receives multiple fixes as well. A pre-authentication denial-of-service vulnerability is addressed (relevant only when GSSAPI authentication is enabled, which it is not by default). Authentication delay enforcement is corrected, and DisableForwarding=yes now reliably blocks tunnel connections as documented. On the client side, a potential use-after-free during key exchange is resolved.

Stricter Protocol Behavior

OpenSSH 10.4 tightens behavior during key re-exchange, the process of negotiating fresh session keys within an established connection. If the remote side sends unauthorized protocol messages during this phase, OpenSSH now disconnects immediately instead of buffering those messages. The previous behavior could lead to unnecessary memory usage and deviated from the SSH protocol specification.

Note that this change may cause older or non-RFC-compliant implementations to lose the connection. The release also replaces the old wildcard matcher with an NFA-based implementation, eliminating exponential runtimes on certain patterns and improving robustness against unexpected input.

Experimental Post-Quantum Signatures

The headline feature of OpenSSH 10.4 is experimental support for a hybrid signature scheme combining ML-DSA-44 and Ed25519. The goal is protection against both classical and future quantum computing attacks. Hybrid schemes are the recommended transitional approach while post-quantum algorithms are still being standardized and rolled out.

The feature is off by default. You enable it explicitly via HostKeyAlgorithms or PubkeyAcceptedAlgorithms, and generate new keys with ssh-keygen -t mldsa44-ed25519.

Other Changes

A few potentially breaking changes are included. The sshd -G option now outputs configuration directives in mixed case again (for example PubkeyAuthentication instead of all lowercase), which may affect scripts that parse that output. On Linux, failures when enabling SECCOMP and NO_NEW_PRIVS are now treated as fatal: the server aborts at startup rather than continuing to run. Systems that lack these kernel features should be built without sandbox support at compile time. The release also includes numerous bug fixes for FIDO tokens, ssh-agent, configuration handling, and cryptographic routines.