OpenSSH 10.4 Released with Critical Security Fixes and Post-Quantum Signature Option
OpenSSH 10.4 has been released, patching eight security vulnerabilities, including critical flaws in SFTP and SCP, and introducing experimental support for post-quantum cryptography.

OpenSSH, the ubiquitous software suite responsible for the majority of secure remote access over SSH, has seen its latest version, 10.4, released with a significant focus on security enhancements and future-proofing.
The update addresses a total of eight security vulnerabilities and numerous bug fixes, aiming to bolster the security posture of systems relying on OpenSSH for remote management. Two critical fixes, identified by the Swival Security Scanner, target the Secure File Transfer Protocol (SFTP) and Secure Copy Protocol (SCP). The SFTP vulnerability could allow a malicious server to redirect command-line downloads to unintended locations on the client machine. Similarly, the SCP flaw enables a compromised server to write files into a parent directory of the intended target during remote-to-remote copies.
Several other security fixes are directed at the sshd server daemon. An issue within its internal-SFTP implementation could silently drop arguments on long command lines, potentially discarding security-relevant settings. The release also rectifies a pre-authentication denial-of-service vulnerability that could be triggered when GSSAPIAuthentication is enabled, though this feature is off by default. Additionally, a documentation note clarifies that GSSAPIStrictAcceptorCheck becomes ineffective when the server is joined to a Windows Active Directory.
Further hardening includes the enforcement of a minimum authentication delay, which had been skipped in certain scenarios, thus limiting the speed at which attackers can perform brute-force password testing. On the client side, a use-after-free memory bug in ssh could be triggered if a server altered its host key during a key reexchange.
In a forward-looking move, OpenSSH 10.4 introduces experimental support for a post-quantum signature scheme. This new option combines ML-DSA 44 with Ed25519, following the draft-miller-sshm-mldsa44-ed25519-composite-sigs specification. While disabled by default, administrators can enable this composite signature by adding the algorithm to relevant configuration settings like HostKeyAlgorithms and PubkeyAcceptedAlgorithms, and generating keys using ssh-keygen -t mldsa44-ed25519.
The release also includes a performance improvement by replacing the wildcard pattern matcher with one based on a nondeterministic finite automaton, removing the potential for exponential worst-case running times. General repairs have been made across various tools, including fixes for out-of-bounds reads in sftp and improvements to username length capping in ssh-agent to prevent denial-of-service attacks.
Administrators should be aware of a few changes that might impact existing configurations. The output format of sshd -G now uses mixed case for directives, and systems using the seccomp sandbox on Linux must ensure SECCOMP or NO_NEW_PRIVS are enabled, or disable the sandbox at configure time, as failures are now fatal. The transport layer has also become stricter, disconnecting peers that send non-key-exchange messages during post-authentication rekeying to prevent memory exhaustion.
This release underscores the ongoing commitment to securing remote access infrastructure against both current threats and future cryptographic challenges posed by quantum computing.
The latest OpenSSH 10.4 release further tightens security by disconnecting peers that send non-KEX messages during post-authentication key re-exchange, a measure to prevent memory exhaustion. Additionally, on Linux systems, seccomp sandbox failures are now fatal, requiring explicit disabling if kernel features are absent, and the sshd -G configuration dump mode has been updated to use mixed-case directives, potentially impacting automation scripts.