OpenSSH 10.1 Released: Security Fixes and Post-Quantum Warnings
The OpenSSH development team has announced the release of OpenSSH 10.1, marking a new stable version of the widely used secure communication suite. Build archives will soon be available on the project’s official mirrors. The release introduces security fixes, a redesigned network traffic prioritization mechanism, and warnings for weak cryptographic algorithms.
OpenSSH is a full implementation of the SSH 2.0 protocol, providing both client and server support for SFTP. The development team expressed gratitude to the community for its ongoing contributions in development, testing, and donations — details of which are available on the project’s support page.
The most significant change in this release is the new warning system for key exchange algorithms that are not resistant to quantum attacks. The SSH client now alerts users if a connection does not employ a post-quantum key exchange method. This behavior can be controlled via the new WarnWeakCrypto option in ssh_config. The reasoning behind this decision is detailed in a dedicated publication, “Post-Quantum Cryptography in OpenSSH.”
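As an added example (not code from the release or the OpenSSH project), a small POSIX shell check a defender could use to flag sessions that negotiated a classical key exchange, the same condition the new WarnWeakCrypto warning covers. It reads the "kex: algorithm:" line that ssh -v prints during connection setup; the algorithm names are those OpenSSH ships, and the two transcripts below are constructed samples.

```shell
#!/bin/sh
# Added example: classify the key exchange negotiated by an ssh(1) session
# as post-quantum or classical, based on the "kex: algorithm:" debug line.

# Hybrid post-quantum key agreement methods offered by OpenSSH.
is_pq_kex() {
    case "$1" in
        mlkem768x25519-sha256|sntrup761x25519-sha512|sntrup761x25519-sha512@openssh.com)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Extract the negotiated kex algorithm from ssh -v output read on stdin.
negotiated_kex() {
    sed -n 's/^debug1: kex: algorithm: //p' | head -n 1
}

# Print "post-quantum", "classical", or "unknown" for a captured ssh -v transcript.
classify_session() {
    kex=$(negotiated_kex)
    [ -n "$kex" ] || { echo "unknown"; return 2; }
    if is_pq_kex "$kex"; then echo "post-quantum"; else echo "classical"; fi
}

# Constructed sample transcripts (not real captures).
SAMPLE_PQ='debug1: SSH2_MSG_KEXINIT sent
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'
SAMPLE_CLASSICAL='debug1: SSH2_MSG_KEXINIT sent
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'

# Against a live host, ssh -v writes its debug output to stderr, so use:
#   ssh -v user@host true 2>&1 | classify_session
printf '%s\n' "$SAMPLE_PQ" | classify_session
printf '%s\n' "$SAMPLE_CLASSICAL" | classify_session
```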
Another major update concerns the handling of DSCP/IPQoS, the mechanisms responsible for packet prioritization. Interactive traffic now defaults to the EF (Expedited Forwarding) class, improving performance on bandwidth-limited networks such as Wi-Fi. Legacy parameters — lowdelay, throughput, and reliability — have been deprecated, as the Type of Service (ToS) architecture is now considered obsolete.
Among the potentially incompatible changes is the relocation of ssh-agent sockets from /tmp to ~/.ssh/agent, a move designed to enhance isolation and prevent unauthorized key usage by processes with restricted filesystem access. The agent also introduces new flags — -U, -u, -uu, and -T — which manage the cleanup of stale sockets.
The developers have removed experimental support for XMSS keys and added the ssh-add -N option, allowing users to disable automatic deletion of expired certificates. A new post-quantum signature scheme is expected to be integrated in a future release.
A critical security fix addresses the handling of usernames and URIs in the ssh(1) command line. The update now prohibits control characters and null bytes (\0), which could previously be exploited to inject shell expressions via the %u parameter. The vulnerability was discovered by security researcher David Leadbeater.
New features include logging via the SIGINFO signal, expanded certificate rejection messages in sshd(8), Ed25519 key support on PKCS#11 tokens, and the RefuseConnection directive, which allows administrators to terminate connections with explanatory messages directly from the configuration file.
Dozens of bugs have been fixed — ranging from delays caused by the ObscureKeystrokeTiming option to memory leaks and incorrect MaxStartups behavior. The maximum supported configuration file size has also been increased to 4 MB.
The portability section brings improvements for FreeBSD, macOS, and Android. For instance, sshd now properly handles futex_time64 within seccomp sandboxes and checks for the presence of the nlist function before use. Additionally, a new gnome-ssh-askpass4 utility has been introduced for GNOME 40+ environments, built on the GCR API.