Call for testing: OpenSSH 10.4

Zakaria hi at zakaria.website
Tue Jun 30 23:08:07 AEST 2026


Hi,

Many thanks for the good work. I tested Master branch on Tahoe 26 and 
Alma 10.2, while using both the host key and key exchange algorithms of 
ssh-mldsa44-ed25519 at openssh.com and mlkem768x25519-sha256, per the looks 
everything is working fine from my side.

Also, if Master branch last commit 
#d8c4656119f09304e79fcf2ab32299ed68006a29 was covered by the release, I 
confirm OpenSSH 10.4 works on my operating systems.

Zakaria.

On 2026-06-30 03:58, Damien Miller wrote:
> Hi,
> 
> OpenSSH 10.4p1 is almost ready for release, so we would appreciate 
> testing
> on as many platforms and systems as possible. This is a bugfix release.
> 
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ ./configure && make tests
> 
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> 
> Below is a summary of changes. More detail may be found in the 
> ChangeLog
> in the portable OpenSSH tarballs.
> 
> Thanks to the many people who contributed to this release.
> 
> Potentially-incompatible changes
> --------------------------------
> 
> * sshd(8): configuration dump mode ("sshd -G") now writes directives
> in mixed case (e.g. "PubkeyAuthentication") whereas previously it
> emitted only lower-case names.
> 
> * sshd(8): on Linux systems with the seccomp sandbox enabled,
> failures to enable SECCOMP or NO_NEW_PRIVS are now fatal.
> Previously sshd(8) would log the error but continue operation,
> to support systems that lacked these features. Now systems that
> lack these should instead disable the sandbox at configure time.
> 
> * ssh(1), sshd(8): make the transport protocol stricter by
> disconnecting if the peer sends non-KEX messages during a post-
> authentication key re-exchange. Previously a malicious peer could
> continue sending non-key exchange messages without penalty. These
> would be buffered, causing memory to be wasted up until the
> connection terminated or the server/client hit a memory limit.
> Implementations that do not restrict messages sent during key
> exchange as per RFC4253 section 7.1 may be disconnected.
> Reported by Marko Jevtic.
> 
> New features
> ------------
> 
> * All: add experimental support for a composite post-quantum
> signature scheme that combines ML-DSA 44 and Ed25519 as specified
> in draft-miller-sshm-mldsa44-ed25519-composite-sigs.
> 
> This scheme is not enabled by default. To use it, you'll need
> to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc.
> Keys may be generated using "ssh-keygen -t mldsa44-ed25519".
> 
> * ssh(1), sshd(8): replace the wildcard pattern matcher with an
> implementation based on an NFA. This avoids exponential worst-case
> behaviour for the old implementation.
> 
> Bugfixes
> --------
> 
> * ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION
> requests. bz3967
> 
> * ssh(1), sshd(8): fix several bugs that incorrectly
> classified bulk traffic as interactive. bz3972, bz3958
> 
> * ssh-keygen(1), ssh-add(1): skip unsupported key types when
> downloading resident keys from a FIDO token. Previously, downloads
> would abort when one was encountered. GHPR657
> 
> * ssh(1): fix a potential use-after-free on an error path if
> cipher_init() fails.
> 
> * sshd(8): perform stricter encoding and validation of transport
> state passed between sshd privilege separation subprocesses. This
> somewhat further hardens the server against attacks on sshd-auth
> or sshd-session subprocesses.
> 
> * ssh-agent(1): avoid possible runtime denial of service by
> enforcing some limits on the length of usernames in key use
> constraints.
> 
> * sftp(1): fix two separate one-byte out-of-bounds reads, in
> SSH2_FXP_REALPATH and batch command processing.
> 
> * sftp-server(8): disallow use of the copy-data extension to read
> and write to the same inode simultaneously.
> 
> * ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was
> created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent.
> GHPR679
> 
> * sftp(1), scp(1): avoid a situation where sftp_download() could get
> stuck in a loop if a broken server repeatedly returned zero length
> while reading a file.
> 
> * ssh(1): avoid leaking DNS0x20 case-randomised names into names
> canonicalised using CanonicalizePermittedCNAMEs. bz3966
> 
> * sftp-server(8): avoid truncation of pathnames passed to lstat()
> during SSH_FXP_REALPATH handling on systems where PATH_MAX is not
> the actual max. GHPR688
> 
> * ssh(1), sshd(8): correct arming of poll(2) event masks for some
> socket-type channels. GHPR660
> 
> * sshd(8): major refactor of sshd_config parsing and management
> code, to allow for more exact serialisation/deserialisation across
> privilege separation boundaries.
> 
> * ssh-add(1): open connection to the agent only after getopt()
> processing has completed, to give options like "-v" a chance to
> display debug information about this operation.
> 
> * crypto code: fix bounds checking when signing messages of length
> greater than will fit in a size_t. In OpenSSH, message sizes are
> bounded by SSHBUF_SIZE_MAX so this was unreachable.
> 
> * crypto code: add signature malleability and pubkey validity checks
> to ed25519 verification. SSH doesn't depend on these properties
> 
> * crypto code: fix ECDSA order check for curves with cofactor != 1.
> All supported EC curves have cofactor 1, so this was
> unreachable.
> 
> * sshd(8): differentiate between execution failures and a subsystem
> that was not found when logging why a subsystem failed to start.
> GHPR637
> 
> * All: use safer idioms for timegm(3) and mktime(3) error detection.
> 
> * ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in
> config files or command-line arguments. This could cause runtime
> failures later.
> 
> * ssh(1): fix NULL deref crash during pubkey auth when using a PEM
> style private key with no corresponding .pub key adjacent to it.
> 
> * sshd(8): don't print an error message when trying to load a host
> private key when PKCS#11 keys are in use, as these don't need the
> private half on the filesystem. GHPR664
> 
> * All: don't use deprecated ERR_load_crypto_strings(). GHPR650
> 
> * ssh(1): properly report errors during configuration default
> setting. GHPR649
> 
> * ssh(1): use correct directive name (Match instead of Host) in
> error message. bz3968
> 
> * sftp(1): fix "ls -ln" which was not correctly showing numeric
> UID/GIDs but rather user and group names. bz3953
> 
> * sshd(8): avoid possible NULL dereference if an allocation fails
> during config parsing. bz3948
> 
> * All: fix ineffective guards against loading overly large public
> keys in several places. bz3969 and bz3970
> 
> * sftp(1): ensure file descriptors used by sftp to communicate to
> its ssh(1) subprocess don't leak into executed subprocesses (e.g.
> via "!"). GHPR693
> 
> Portability
> -----------
> 
> * Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness
> fix for large exponents (GHPR671)
> 
> * sshd(8): remove duplicate sandbox entry for clock_gettime64.
> 
> * ssh(1), sshd(8): use correct IPTOS_DSCP_VA value if not provided
> by the system headers.
> 
> * Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness
> fixes.
> 
> * Disable replacements in openbsd-compat for strvisx(3) and
> stravis(3), as these are unused in OpenSSH
> 
> * Avoid fortify warnings on Android bz3954
> 
> * Fix a number of memory leaks on error paths in the portability
> code. GHPR681
> 
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list