OpenSSH 10.0 released
OpenSSH 10.0 has been released. Support for the DSA signature algorithm, which was disabled by default beginning in 2015, has been removed. Other notable changes include using the post-quantum algorithm mlkem768x25519-sha256 for key agreement by default, support for systemd-style socket activation in Portable OpenSSH, and moving code for user authentication from the sshd-session binary to the new sshd-auth binary:
Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary.
The release notes also warn that "software that naively matches versions using patterns like 'OpenSSH_1*'" may be confused by the new version number.
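The version-matching pitfall from the release notes, shown as an added example (not code from the OpenSSH project): a glob written to catch 1.x also matches 10.0, while parsing the major version as an integer does not. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example. The version strings below are constructed samples in the
# "OpenSSH_<version>" form; function names are hypothetical.

# Naive check of the kind the release notes warn about: a glob meant to
# catch OpenSSH 1.x also matches 10.0 and every later 1N.x release.
naive_is_v1() {
    case "$1" in
        OpenSSH_1*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the numeric major version that follows "OpenSSH_".
# Returns 1 (printing nothing) if the string carries no OpenSSH version.
openssh_major() {
    rest=${1#*OpenSSH_}
    [ "$rest" != "$1" ] || return 1      # "OpenSSH_" marker not present
    major=${rest%%[!0-9]*}               # keep only the leading digits
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# Robust check: compare the parsed major version as an integer.
is_v1() {
    major=$(openssh_major "$1") || return 1
    [ "$major" -eq 1 ]
}

# Usage: is_at_least VERSION_STRING MIN_MAJOR
is_at_least() {
    major=$(openssh_major "$1") || return 1
    [ "$major" -ge "$2" ]
}

# Compare both checks on constructed inputs.
for v in "OpenSSH_1.2.3" "OpenSSH_9.9" "OpenSSH_10.0"; do
    naive=no; parsed=no
    naive_is_v1 "$v" && naive=yes
    is_v1 "$v" && parsed=yes
    printf '%-14s naive_v1=%-3s parsed_v1=%-3s major=%s\n' \
        "$v" "$naive" "$parsed" "$(openssh_major "$v")"
done
```

Inventory scripts, scanners and log parsers that branch on the OpenSSH version are the places to look for the glob form.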