OpenSSH 10.0 has been officially released, introducing a number of protocol changes and security upgrades, including a key enhancement for post-quantum security. The release makes the mlkem768x25519-sha256 algorithm the default for key agreement. This hybrid algorithm combines ML-KEM (a NIST-standardized key encapsulation mechanism) with the classical X25519 elliptic curve method, offering quantum-resistant properties while maintaining compatibility and performance.
This shift marks a major step in practical quantum readiness for secure communication infrastructure. The mlkem768x25519-sha256 hybrid is designed to resist attacks by both classical and quantum adversaries, aligning OpenSSH with the U.S. National Institute of Standards and Technology’s (NIST) selected post-quantum cryptographic algorithms. OpenSSH has supported post-quantum algorithms since earlier versions, but this is the first time a PQC hybrid is enabled by default.
Beyond the key exchange changes, OpenSSH 10.0 drops the long-deprecated DSA signature algorithm, disables finite-field Diffie-Hellman in the server by default, and separates user authentication code into a new sshd-auth binary to reduce the pre-authentication attack surface. These changes further harden the system against current and future threats, including those posed by quantum-capable adversaries.
Additional updates include improvements in configuration matching, FIDO2 token support, session type detection, and portability features. On the cryptographic side, AES-GCM is now preferred over AES-CTR, and OpenSSH has improved its modular handling of moduli files for group exchange.
OpenSSH is one of the most widely deployed secure communication protocols globally. The inclusion of a post-quantum default key exchange mechanism signals growing consensus around hybrid cryptographic adoption in mission-critical open-source infrastructure. The OpenSSH project continues to play a foundational role in global network security, with changes like these setting baselines for future-proof encryption.
You can read the official mailing list announcement here and a summary of the release via Phoronix here.
April 9, 2025
