The OpenSSH project has released version 10.0, a milestone release that enables post-quantum cryptography by default for all new SSH connections.
Post-Quantum Key Exchange
OpenSSH 10.0 uses a hybrid key exchange combining classical X25519 with the ML-KEM-768 (formerly Kyber) post-quantum algorithm. This means SSH connections are protected against both current and future quantum attacks:
- Hybrid by default ā sntrup761x25519-sha512 and mlkem768x25519-sha256 are the default key exchange methods
- Backward compatible ā Falls back to classical algorithms when connecting to older servers
- Minimal overhead ā Post-quantum key exchange adds only ~1ms to connection setup
Other Changes
- DSA Support Removed ā DSA keys are no longer supported (deprecated since OpenSSH 7.0)
- Improved FIDO2 ā Better support for resident keys and user verification
- SSH Tap ā New diagnostic mode for recording SSH session traffic for debugging
- Certificate Improvements ā Extended certificate validity with automatic renewal support
System administrators should upgrade to OpenSSH 10.0 and regenerate host keys to benefit from post-quantum protection.
