
OpenSSH 10.4: Post-Quantum Signatures and Quiet SSH Hardening
OpenSSH 10.4 rolls up eight security fixes and adds experimental post-quantum signatures, future-proofing the world's most trusted secure remote access tool.
OpenSSH 10.4 Quietly Hardens the Internet's Front Door
If you have ever logged into a remote server, moved a file with SFTP, or copied one with SCP, you have trusted OpenSSH. It is the most widely deployed secure remote access tool on the planet, and the release of OpenSSH 10.4 is a reassuring reminder of what good stewardship looks like. This update bundles eight security fixes with a first experimental step toward post-quantum protection, and it does so calmly, without drama. Nothing here should keep you up at night. It is simply steady, careful hardening of software billions of connections depend on.
Eight Fixes That Tidy Up the Edges
Most of the eight fixes address subtle corner cases rather than gaping holes, which is exactly what mature, well-maintained software looks like. Two are worth understanding in plain terms. The first involves SFTP: a malicious server could nudge an sftp host:/path . download so a file landed somewhere unexpected on your machine instead of where you intended. The second is a similar SCP issue, where a crafted transfer could write into the parent directory of your chosen target rather than the target itself.
The rest round out the defense. OpenSSH 10.4 resolves a pre-authentication GSSAPI denial-of-service, meaning an attacker could no longer disrupt a server before even logging in. It fixes a client use-after-free bug that could surface if a server swapped host keys mid-connection during a key re-exchange. And it now consistently enforces the minimum authentication delay, which keeps a determined attacker from testing passwords at high speed. The key point: these were found and fixed by the project itself. That is defense-in-depth working as designed.
Post-Quantum Signatures Arrive, Belt-and-Suspenders Style
The headline feature is experimental support for composite post-quantum signatures. OpenSSH 10.4 pairs ML-DSA-44, a quantum-resistant algorithm, with the trusted Ed25519. Think of it as belt-and-suspenders cryptography: your key is only compromised if both algorithms fail at once. If a future quantum computer someday weakens one, the other still stands guard.
This matters because of a real long-term concern in post-quantum cryptography known as harvest-now-decrypt-later, where data captured today could be unlocked years from now. By starting to future-proof key signatures now, OpenSSH gives the ecosystem time to test and adopt at a comfortable pace. The feature is disabled by default and strictly opt-in, so nothing changes for existing setups unless you choose to experiment.
Smarter Pattern Matching Under the Hood
There is also a quieter engineering win. OpenSSH 10.4 ships a rewritten wildcard pattern matcher built on a non-deterministic finite automaton (NFA). The practical benefit is that complex patterns in your configuration can no longer be coaxed into slow, ReDoS-style performance problems. It is the kind of invisible improvement that keeps SSH security fast and predictable.
Taken together, OpenSSH 10.4 is a model of proactive open source work: hardening everyday SSH, SFTP, and secure remote access while thoughtfully preparing for the quantum era. Update when your distribution offers it, keep post-quantum signatures on your radar, and rest easy knowing the internet's front door is in careful hands.
Sources: Help Net Security — "OpenSSH 10.4 arrives with security fixes and a post-quantum signature option" — July 6, 2026; LWN.net — "OpenSSH 10.4 released" — July 6, 2026.
