OpenSSH 10 Embraces Quantum-Safe Key Exchange Standards

Wed 9th Apr, 2025

The latest version of the secure remote shell, OpenSSH 10, marks a significant step in the evolution of security protocols by fully retiring the outdated DSA algorithm. The new standard for key exchange, MLKEM-768, is set to replace older methods.

With this major update, OpenSSH has completed its transition away from the Digital Signature Algorithm (DSA), which has been deprecated for several years. Most users will not notice the change, as DSA has been disabled in the default configuration since 2015, and since last year DSA support additionally had to be enabled explicitly at compile time. OpenSSH 10 removes the last remnants of DSA from its codebase, marking the end of an era for this algorithm.

In addition to DSA, the traditional Diffie-Hellman key exchange method is also being phased out. This decision stems from the fact that Diffie-Hellman offers no performance advantages over more modern approaches, such as those utilizing elliptic curves or quantum-safe algorithms.

Introduction of MLKEM-768

The choice of MLKEM-768 as the new quantum-safe key exchange method is a notable highlight of this update. The previous version had already implemented a hybrid key exchange algorithm that incorporated elements of both NTRU Prime and X25519. However, the development team determined that MLKEM is not only faster but is also officially standardized by NIST, making it a preferred choice for future implementations.
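The two defaults described above (DSA gone, hybrid ML-KEM key exchange in) are the things an administrator will want to verify on their own hosts. The following audit helper is an added example, not code from the OpenSSH project: it flags leftover `ssh-dss` entries in `authorized_keys` or `known_hosts` text and checks whether the output of `ssh -Q kex` lists the hybrid algorithm. The algorithm identifiers `ssh-dss`, `mlkem768x25519-sha256` and the `diffie-hellman-group*` prefix are OpenSSH's own names (the article does not spell them out); the key blobs and KEX list are constructed sample input.

```python
"""Audit helper for the OpenSSH 10 changes: flags leftover DSA (ssh-dss)
keys in authorized_keys / known_hosts text and checks whether a build's
`ssh -Q kex` output offers the hybrid ML-KEM key exchange."""

DSA_KEY_TYPE = "ssh-dss"                      # OpenSSH name for DSA keys
HYBRID_MLKEM_KEX = "mlkem768x25519-sha256"    # ML-KEM-768 + X25519 hybrid
LEGACY_FFDH_PREFIX = "diffie-hellman-group"   # classic finite-field DH


def find_dsa_keys(key_file_text):
    """Return the 1-based line numbers that carry an ssh-dss key.

    Works for authorized_keys ([options] type blob [comment]) and for
    known_hosts (host type blob [comment]): the key type is always its own
    whitespace-delimited field, so a field equal to ssh-dss marks a DSA entry.
    """
    hits = []
    for line_no, line in enumerate(key_file_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if DSA_KEY_TYPE in fields:
            hits.append(line_no)
    return hits


def kex_status(ssh_q_kex_output):
    """Classify `ssh -Q kex` output (one algorithm name per line)."""
    algs = {a.strip() for a in ssh_q_kex_output.splitlines() if a.strip()}
    return {
        "hybrid_mlkem": HYBRID_MLKEM_KEX in algs,
        "legacy_ffdh": sorted(a for a in algs if a.startswith(LEGACY_FFDH_PREFIX)),
    }


# Constructed sample input: the base64 blobs are placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
# constructed sample authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER admin@host
ssh-dss AAAAB3NzaC1kc3MAAACBPLACEHOLDER legacy@oldbox
command="/bin/true",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER backup@host
"""

# Constructed sample of what `ssh -Q kex` prints on a build with the hybrid KEX.
SAMPLE_KEX_LIST = """\
mlkem768x25519-sha256
sntrup761x25519-sha512
curve25519-sha256
diffie-hellman-group14-sha256
"""
```

On a real host, feed `find_dsa_keys` the contents of `~/.ssh/authorized_keys` or `known_hosts` and `kex_status` the captured output of `ssh -Q kex`; a non-empty `legacy_ffdh` list is expected on OpenSSH 10 (the algorithms remain available, only the defaults changed).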

Vulnerabilities targeting the authentication phase of SSH servers have historically posed significant risks; notable examples include the Terrapin attack and the 2024 RegreSSHion vulnerability. To limit the impact of such threats, OpenSSH 10 moves the authentication phase into a dedicated program, ssh-auth. The authentication code therefore runs in its own address space, separate from the main server process, so a successful pre-authentication exploit has far less to interact with.

In addition to these critical updates, OpenSSH 10 includes numerous bug fixes, smaller feature enhancements, and a security fix related to the DisableForwarding configuration directive. For those with technical expertise, server and client installations can be compiled from the source code; however, packages for various Linux distributions are not yet available.

This latest iteration of OpenSSH not only enhances security protocols but also positions itself firmly within the evolving landscape of cybersecurity, particularly with the increasing reliance on quantum-safe standards.
