The OpenSSH project has released version 10.0, a milestone release that enables post-quantum cryptography by default for all new SSH connections.
Post-Quantum Key Exchange
OpenSSH 10.0 uses a hybrid key exchange combining classical X25519 with the ML-KEM-768 (formerly Kyber) post-quantum algorithm. This means SSH connections are protected against both current and future quantum attacks:
- Hybrid by default โ sntrup761x25519-sha512 and mlkem768x25519-sha256 are the default key exchange methods
- Backward compatible โ Falls back to classical algorithms when connecting to older servers
- Minimal overhead โ Post-quantum key exchange adds only ~1ms to connection setup
Other Changes
- DSA Support Removed โ DSA keys are no longer supported (deprecated since OpenSSH 7.0)
- Improved FIDO2 โ Better support for resident keys and user verification
- SSH Tap โ New diagnostic mode for recording SSH session traffic for debugging
- Certificate Improvements โ Extended certificate validity with automatic renewal support
System administrators should upgrade to OpenSSH 10.0 and regenerate host keys to benefit from post-quantum protection.