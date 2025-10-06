news

posted by Rianne Schestowitz on Oct 06, 2025



Quoting: OpenSSH 10.1: New DSCP Handling, SHA1 SSHFP Deprecation Announced —

The OpenSSH project, developed and maintained under the OpenBSD umbrella, announced the release of OpenSSH 10.1, a widely adopted secure toolset for remote login and file transfer over encrypted connections. It is now available for download on its official mirrors.

A key change in this release is the upcoming deprecation of SHA1 SSHFP DNS records, which will soon be ignored due to weaknesses in the SHA1 algorithm. From now on, ssh-keygen -r will generate only SHA256-based SSHFP records.

OpenSSH 10.1 also introduces a warning for non-post-quantum key agreements, highlighting the risk of “store now, decrypt later” attacks. This behavior is managed by the new WarnWeakCrypto option, enabled by default.