<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/secure/libexec/sshd-auth, branch stable/14</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>OpenSSH: Update to 10.0p2</title>
<updated>2026-01-20T19:41:59+00:00</updated>
<author>
<name>Ed Maste</name>
<email>emaste@FreeBSD.org</email>
</author>
<published>2025-08-01T15:56:45+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=7ca599aa613955a939284292f0993b59b0d9fef3'/>
<id>7ca599aa613955a939284292f0993b59b0d9fef3</id>
<content type='text'>
Full release notes are available at
https://www.openssh.com/txt/release-10.0

Selected highlights from the release notes:

Potentially-incompatible changes

- This release removes support for the weak DSA signature algorithm.
  [This change was previously merged to FreeBSD main.]

- This release has the version number 10.0 and announces itself as
  "SSH-2.0-OpenSSH_10.0".  Software that naively matches versions using
  patterns like "OpenSSH_1*" may be confused by this.

- sshd(8): this release removes the code responsible for the user
  authentication phase of the protocol from the per-connection
  sshd-session binary to a new sshd-auth binary.

Security

- sshd(8): fix the DisableForwarding directive, which was failing to
  disable X11 forwarding and agent forwarding as documented.
  [This change was previously merged to FreeBSD main.]

New features

- ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now
  used by default for key agreement.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51630

(cherry picked from commit 8e28d84935f2f0ee081d44f9803f3052b960e50b)
(cherry picked from commit e600fc7295a7082041388113a5d677f6c4cf7ce7)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Full release notes are available at
https://www.openssh.com/txt/release-10.0

Selected highlights from the release notes:

Potentially-incompatible changes

- This release removes support for the weak DSA signature algorithm.
  [This change was previously merged to FreeBSD main.]

- This release has the version number 10.0 and announces itself as
  "SSH-2.0-OpenSSH_10.0".  Software that naively matches versions using
  patterns like "OpenSSH_1*" may be confused by this.

- sshd(8): this release removes the code responsible for the user
  authentication phase of the protocol from the per-connection
  sshd-session binary to a new sshd-auth binary.

Security

- sshd(8): fix the DisableForwarding directive, which was failing to
  disable X11 forwarding and agent forwarding as documented.
  [This change was previously merged to FreeBSD main.]

New features

- ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now
  used by default for key agreement.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51630

(cherry picked from commit 8e28d84935f2f0ee081d44f9803f3052b960e50b)
(cherry picked from commit e600fc7295a7082041388113a5d677f6c4cf7ce7)
</pre>
</div>
</content>
</entry>
</feed>
