OpenSSH 10.0 Released – New Tricks for Your Trusted Terminal Buddy


Apr 11, 2025 | Kovač | Blog, News

TL;DR: OpenSSH just hit version 10.0, and it’s kind of a big deal. With a bunch of security upgrades, smarter defaults, and a fond farewell to some old cryptographic baggage, it’s a good time to update your SSH toolkit. Whether you’re a sysadmin, dev, or just someone who loves a clean ssh connection, read on.

So… What’s OpenSSH Again?

If you’ve ever typed ssh user@server and felt like a cyber ninja teleporting into a remote machine, thank OpenSSH. It’s the open-source, secure-by-default SSH protocol implementation used on pretty much every Linux and Unix-ish box out there. It also includes goodies like sftp, scp, ssh-agent, and ssh-keygen.

Now, with version 10.0, it’s flexing even harder – and safer.


What’s New in OpenSSH 10.0?

1. Goodbye DSA, and Thanks for All the Keys

OpenSSH has officially removed support for the DSA signature algorithm. If you’re still using DSA keys… well, it’s time. This algorithm has been considered weak for a while (disabled by default since 2015), and now it’s finally getting the boot.

Tip: Replace those DSA keys with something modern like Ed25519 or ECDSA.
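To find the DSA keys that need replacing, here is an added audit sketch (not from the original post or the OpenSSH project). It scans authorized_keys-style files for ssh-dss entries; the sample file and its truncated key blobs are constructed, and find_dsa_keys is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: report ssh-dss entries in authorized_keys / .pub files.

# find_dsa_keys FILE...
# Prints "file:line" for every entry whose key type is ssh-dss. The type may
# be preceded by options (command="...", from="..."), so every field is
# checked, and the blob after it must start with the base64 encoding of the
# length-prefixed name "ssh-dss" (AAAAB3NzaC1kc3...).
find_dsa_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            for (i = 1; i < NF; i++) {
                if ($i == "ssh-dss" && index($(i + 1), "AAAAB3NzaC1kc3") == 1) {
                    printf "%s:%d\n", FILENAME, FNR
                    break
                }
            }
        }
    ' "$@"
}

# Constructed sample; the key blobs are truncated placeholders, not real keys.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed authorized_keys sample
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER alice@laptop
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER bob@oldbox
command="/usr/bin/backup",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER backup@cron
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER carol@desk
EOF

echo "DSA entries to replace (generate new keys with: ssh-keygen -t ed25519):"
find_dsa_keys "$SAMPLE"
rm -f "$SAMPLE"
```

On a real host, point it at files such as ~/.ssh/authorized_keys and ~/.ssh/*.pub.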


2. Hello, Post-Quantum Key Exchange

In a move straight out of a sci-fi novel, OpenSSH 10.0 makes mlkem768x25519-sha256 the default key exchange algorithm. This hybrid method combines traditional Curve25519 with post-quantum ML-KEM magic. Translation: it’s secure against today’s hackers and tomorrow’s quantum computers.

The future called – they want secure SSH too.


3. scp & sftp Get Less “Magical”

Previously, scp and sftp could implicitly create a background control (multiplexing) session when your configuration set ControlMaster to yes or auto. They now pass ControlMaster no to ssh by default, so they behave more predictably, which should reduce those “why is this still running?” moments.


4. sshd’s Got a New Roommate: sshd-auth

To tighten security, OpenSSH has split off the authentication logic into a new binary called sshd-auth. This means:

  • Better memory isolation (less chance of a pre-auth exploit spilling into post-auth code).
  • Slightly less memory usage (yay, efficiency nerds!).
  • And for the curious: log messages might now come from sshd-auth.

It’s like moving the valuables out of the front hallway and into a locked vault.


5. Diffie-Hellman Key Exchange Gets Benched

Remember those old-school finite-field DH key exchanges (diffie-hellman-group*)? They’re now disabled by default on the server side. Why? Because they’re slow, resource-heavy, and not as secure as modern options like ECDH. Clients can still use them – but they shouldn’t.

If your server suddenly stops accepting connections after upgrading, check your KEX algorithms.
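One way to check for this failure, as an added example that is not from the original post: the script applies the basic SSH selection rule (the first client algorithm the server also offers) to show why a client that offers only diffie-hellman-group* methods finds nothing in common. The three algorithm lists are constructed samples, not the exact OpenSSH defaults, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which KEX would be negotiated, and which offers are finite-field DH?
# Constructed sample lists (real algorithm names, not the exact default lists).
SERVER_KEX='mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256,ecdh-sha2-nistp256'
MODERN_CLIENT='mlkem768x25519-sha256,curve25519-sha256,diffie-hellman-group14-sha256'
LEGACY_CLIENT='diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

# negotiate_kex CLIENT_LIST SERVER_LIST
# Prints the first algorithm in the client's comma-separated list that the
# server also offers. Returns 1 and prints nothing if there is no overlap.
negotiate_kex() {
    client_list=$1
    server_list=$2
    old_ifs=$IFS
    IFS=,
    for alg in $client_list; do
        case ",$server_list," in
            *",$alg,"*)
                IFS=$old_ifs
                printf '%s\n' "$alg"
                return 0
                ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# list_ffdh_kex KEX_LIST
# Prints, one per line, the finite-field DH methods (diffie-hellman-group*
# and diffie-hellman-group-exchange-*) present in a comma-separated list.
list_ffdh_kex() {
    printf '%s\n' "$1" | tr ',' '\n' | grep '^diffie-hellman-group' || true
}

for client in "$MODERN_CLIENT" "$LEGACY_CLIENT"; do
    if chosen=$(negotiate_kex "$client" "$SERVER_KEX"); then
        echo "negotiated: $chosen"
    else
        echo "no common KEX; client offers: $(list_ffdh_kex "$client" | tr '\n' ' ')"
    fi
done
```

On a real system, take the server list from the kexalgorithms line of `sshd -T` and the client's supported methods from `ssh -Q kex`.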


6. More Config Power with Match Enhancements

SSH configuration files just got more powerful with new Match conditions:

  • Match based on OpenSSH version (hello, Match version OpenSSH_10.*)
  • Match by session type (shell, exec, subsystem, or none)
  • Match by remote command
  • Token and environment variable expansions

This is the kind of flexibility that makes your ~/.ssh/config file feel like a cheat code.


Bonus: Tons of Bugfixes

From improved debug logging and better X11 forwarding behavior to hostname parsing tweaks and smarter keygen handling, this release cleans up a lot of small things that could trip you up in day-to-day use.


Should You Upgrade?

Yes. Even if you’re not hosting a bank vault over SSH, staying current means:

  • Better security
  • Fewer bugs
  • Cleaner performance
  • Future-proofing (hello, post-quantum crypto)

If you manage systems or services over SSH, OpenSSH 10.0 is worth your attention – and a quick apt upgrade or yum update.


Final Thoughts

OpenSSH continues to be the quiet champion of remote access. It doesn’t make flashy headlines, but it’s critical infrastructure for developers, sysadmins, and anyone who talks to a server. Version 10.0 adds smart features and trims old fat, keeping it fast, lean, and secure for the decade ahead.

Want to dive deeper? Check out the official release notes at: https://www.openssh.com

Stay connected – securely.

Tags: linux,  software,  ssh