OpenSSH 10.4, released July 6, 2026, is a security-focused update. Here’s what actually changed and who needs to act.
Table of Contents
Fixes That Protect You From Malicious Servers
Several fixes protect the client from a server that has already gone bad. Running sftp host:/path . could previously let a malicious server drop files somewhere you didn’t intend; 10.4 stops that. A matching scp fix blocks a hostile server from writing into the parent of your target directory when copying between two remote hosts. In both cases, the destination you specify is now the only one used.
A Silent Truncation Bug
In sshd‘s internal-sftp implementation, long command lines were silently cut off after the ninth argument. If a security option sat tenth or later, it was quietly discarded — leaving a system less locked down than the admin thought. That silent truncation is fixed.
DoS and Memory-Safety Hardening
- A pre-authentication denial-of-service in
sshdwhenGSSAPIAuthenticationis enabled (off by default, but critical for Kerberos/GSSAPI environments). - Several cases where
sshdfailed to enforce the minimum auth delay meant to slow brute-force attacks. - A client-side use-after-free in
sshif a server changes its host key during key re-exchange.
Stricter Protocol Behavior
ssh and sshd now disconnect any peer that sends non-key-exchange messages during a post-authentication key re-exchange, closing a memory-wasting abuse. Caveat: older or non-compliant implementations that don’t restrict these messages may now get disconnected — test legacy devices before rolling out.
Two Changes Admins Must Note
sshd -Gnow prints directive names in mixed case (PubkeyAuthentication) instead of lowercase. Scripts that parse this output may break.- On Linux, failing to enable
SECCOMPorNO_NEW_PRIVSis now fatal —sshdwon’t start. Systems lacking these features must disable the sandbox at configure time.
Post-Quantum Cryptography (Experimental)
The headline feature is experimental support for a composite signature scheme combining ML-DSA 44 (NIST’s quantum-resistant algorithm) with Ed25519. Pairing them is deliberate insurance: if the newer algorithm is ever broken, the proven classical one still holds. It’s not on by default — you must add it to HostKeyAlgorithms or PubkeyAcceptedAlgorithms to test it.
Under the Hood
OpenSSH replaced its wildcard pattern matcher with a non-deterministic finite automaton (NFA), eliminating the old matcher’s exponential worst-case slowdown. The release also fixes ssh-agent extension queries, FIDO resident key handling, sftp out-of-bounds reads, privilege-separation state validation, plus assorted crashes, memory leaks, and portability issues.
Should You Update?
Yes, soon. The client-side sftp and scp fixes alone justify it. Admins should update too, but first check any scripts parsing sshd -G output and any hosts relying on seccomp behavior — test those in staging, then roll forward.
For full details, see the OpenSSH 10.4 release notes.




