OpenSSH 9.9 is now available for download on the official mirrors of the OpenBSD Project. This update introduces a range of significant enhancements, such as the support for post-quantum key exchange, improved security controls, and various performance enhancements.

Key Features in OpenSSH 9.9

One of the most notable advancements in OpenSSH 9.9 is the introduction of a hybrid post-quantum key exchange method. It combines the FIPS 203 Module-Lattice Key Encapsulation Mechanism (ML-KEM) with X25519 Elliptic Curve Diffie-Hellman (ECDH). This hybridization is believed to boost security against future quantum computing threats. The algorithm, known as mlkem768x25519-sha256, is enabled by default.

Post-quantum cryptographic standards could be around the corner.

In addition, the ssh_config “Include” directive now supports environment variable expansion and the use of the same set of %-tokens as the “Match Exec” option. This enhancement provides more flexibility in dynamic configuration file management.

OpenSSH 9.9 also brings the “RefuseConnection” option in sshd_config. It allows administrators to swiftly drop unwanted connections at the first authentication attempt. A new “refuseconnection” penalty class in the sshd_config “PerSourcePenalties” enables automated penalties for connections dropped using this keyword.

Further enhancing authentication controls, the sshd_config “Match” options now include a “Match invalid-user” predicate. This enables administrators to identify and manage attempts from usernames that do not exist on the server, offering more granular control over access attempts.

The update also improves performance with a streamlined implementation of the NTRUPrime key exchange code, resulting in faster execution and better overall efficiency.

OpenSSH 9.9 is a robust, secure, and forward-thinking piece of technology. The neweest release aligns with the latest cryptographic standards and addresses emerging security needs quite reliably.

Bug Fixes in OpenSSH 9.9

OpenSSH 9.9 addresses a number of important bugs, further improving the reliability and performance of the software:

• Key Type Name Parsing: Implements stricter rules for parsing key type names, limiting user-interface code to short names while enforcing the use of full SSH protocol names in other contexts.
• Relaxed Absolute Path Requirement: Restores the previous behavior, allowing sshd to start without the requirement of an absolute path when operating in inetd mode.
• Logging Fixes: Resolves an issue where sshd log messages had swapped source and destination addresses.
• Authorized Keys Handling: Corrects a bug where authorized_keys options were incorrectly applied when signature verification failed.
• User@Host Parsing: Ensures consistent parsing of strings containing the “@” symbol by looking for the last occurrence, allowing for usernames that include “@” characters.

Deprecation Notice

It’s important to note that OpenSSH plans to phase out support for the DSA signature algorithm by early 2025. In the 9.9 release, DSA is disabled by default during compile time.

DSA, as defined in the SSHv2 protocol, is considered insecure. Its use of 160-bit private keys and the SHA1 digest provides only an estimated 80-bit symmetric security equivalent. In other words: not good enough.

Since 2015, OpenSSH has discouraged the use of DSA keys, maintaining only optional runtime support. With more robust algorithms now widely available across all actively maintained SSH implementations, the decision to deprecate DSA reflects the diminishing value of supporting this weaker encryption standard.