Skip to content

OpenSSH 10.4: Hybrid Post-Quantum Signatures and Security Updates

At a glance: OpenSSH 10.4 combines classical ECDSA signatures for the first time with post-quantum algorithms for quantum security, while addressing multiple existing vulnerabilities.

OpenSSH 10.4 introduces experimental hybrid post-quantum signatures and closes several security gaps in SSH, SCP and SFTP. CISOs must expect this cryptographic agility to become standard soon.

With version 10.4, the OpenSSH project introduces experimental hybrid post-quantum signatures. These signatures combine established elliptic curve cryptography (ECDSA) with quantum-resistant algorithms. The hybrid approach is intended to provide protection against future quantum computers even before a complete migration to post-quantum procedures.

In parallel, OpenSSH 10.4 fixes multiple security vulnerabilities in the core protocols SSH, SCP and SFTP. In addition, protocol hardening measures have been implemented. The exact number and severity ratings of the fixed vulnerabilities are not specified by the available information.

For CISOs, this is a critical signal: the integration of hybrid post-quantum cryptographic agility into the de facto standard SSH implementation signals the beginning of the transition to quantum-safe authentication mechanisms. Organizations should review their upgrade strategies and test internal SSH infrastructures for compatibility with OpenSSH 10.4, even if the post-quantum modes initially remain experimental.


Source: www.heise.de · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.3.

Share on: