OpenSSH 10.4 Released: Critical SFTP SCP Fixes and Post-Quantum Signatures

Published by

OpenSSH 10.4 has been released, addressing critical security vulnerabilities in sftp and scp that could allow malicious servers to redirect downloads or write to unauthorized directories. The update also resolves a regression related to the DisableForwarding option and introduces enforced minimum authentication delays to enhance brute-force protection. A significant feature of this release is the experimental support for composite post-quantum signatures, combining ML-DSA 44 and Ed25519 for improved key authentication. Additionally, the release includes performance improvements, stricter transport protocol rules, and various other security enhancements to bolster overall system integrity



OpenSSH 10.4 Released: Critical SFTP SCP Fixes and Post-Quantum Signatures

OpenSSH 10.4 has been released, delivering critical security patches for sftp and scp that resolve vulnerabilities allowing malicious servers to redirect downloads or write to unauthorized directories. This update also fixes a regression where DisableForwarding=yes failed to disable tunnel forwarding when used with PermitTunnel=yes, alongside enforcing minimum authentication delays to improve brute-force protection. A headline feature is the addition of experimental support for composite post-quantum signatures, which combines ML-DSA 44 and Ed25519 to future-proof key authentication. Additional improvements include a rewritten NFA-based wildcard pattern matcher to prevent performance issues and stricter transport protocol rules for key re-exchanges.

OpenSSH 10.4 Released: Critical SFTP SCP Fixes and Post-Quantum Signatures @ Linux Compatible