OpenSSH 9.9
-
OpenSSH ☛ OpenSSH 9.9
OpenSSH 9.9 was released on 2024-09-19. It is available from the mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
-
LWN ☛ OpenSSH 9.9 released
The OpenSSH project has released version 9.9. This version includes support for the new post-quantum cryptography standard from NIST. The release also includes the next step in the deprecation of DSA keys — they are now disabled by default at compile time, and are expected to be removed entirely in early 2025. The release also contains the normal mixture of bug fixes and small usability improvements.
Update
-
OpenSSH 9.9 released!
In a fediverse post, Damien Miller (djm@) announced the availability of the new OpenSSH version 9.9:
"OpenSSH 9.9 has just been released. New features include support for hybrid ML-KEM X25519 post-quantum key exchange (using a formally-verified ML-KEM implementation), improved controls to drop and penalise unwanted connections, faster NTRUPrime key exchange code and more."
More from the original: -
OpenSSH 9.9
OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.
DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-to-implement algorithm in the SSHv2 RFCs, mostly because alternative algorithms were encumbered by patents when the SSHv2 protocol was specified.
LinuxIac:
-
OpenSSH 9.9 Features Enhanced Quantum-Resistant Algorithms
OpenSSH 9.9 is out now! Support for post-quantum key exchange, improved security features, and bug fixes.