Milan @milan

18 posts17 participants3 posts today

**Marcel SIneM(S)US** @simsus · 13h

#OpenSSH10 setzt auf Standards für quantensicheren Schlüsselaustausch | Security https://www.heise.de/news/OpenSSH-10-setzt-auf-Standards-fuer-quantensicheren-Schluesselaustausch-10345975.html #Verschlüsselung #encryption #SSH #OpenSSH

heise online · 2dOpenSSH 10 setzt auf Standards für quantensicheren Schlüsselaustausch

More from

Dr. Christopher Kunz

**Portada Hardlimit** @portada_hl@social.hardlimit.com · 16h

16h

Portada Hardlimit @portada_hl@social.hardlimit.com

La décima versión de OpenSSH viene con el algoritmo mlkem768xto25519-sha256 activado por defecto, que se considera seguro ante ataques con ordenadores cuánticos y además se ha convertido en norma en el NIST #openssh -> https://hardlimit.com/archivo.php?n=2286

hardlimit.comPrimera página | Portada HardlimitToda la actualidad del hardware y el software. Visita nuestros foros y comprueba el rendimiento de tu procesador con nuestro banco de pruebas.

**Jeff Forcier** @bitprophet@social.coop · 20h

20h

Jeff Forcier @bitprophet@social.coop

I see #OpenSSH got to fully removing DSA key support, so that means my “probably do that in #Paramiko” todo list item has no more excuses

Well, ok, it still has a few excuses (will be years before the average sshd is OpenSSH 10.0+) but still. Needs happenin' sometime and it ain't like old releases go away, so.

**nixCraft** @nixCraft@mastodon.social · 1d

nixCraft @nixCraft@mastodon.social

OpenSSH 10.0/10.0p2 released https://www.openssh.com/releasenotes.html#10.0p1

www.openssh.comOpenSSH: Release NotesOpenSSH release notes

#unix #openssh #linux

Continued thread

**Parade du Grotesque** @ParadeGrotesque@mastodon.sdf.org · 1d *

1d *

Parade du Grotesque @ParadeGrotesque@mastodon.sdf.org

Also: #Slackware 15 has a security update for Python3:

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.326755

Slackware-current just adopted #OpenSSH 10.0.p1 & #OpenSSL 3.5

n/openssh-10.0p1-x86_64-1.txz: Upgraded. Potentially-incompatible changes include the removal of the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months.

n/openssl-3.5.0-x86_64-1.txz: Upgraded. New LTS release, supported until 08 Apr 2030.

www.slackware.comThe Slackware Linux Project: Slackware Security Advisories

**Edwin G.** @EdwinG@mstdn.moimeme.ca · 1d

Edwin G. @EdwinG@mstdn.moimeme.ca

Portable OpenSSH 10.0p1 will not exist. It will be known as OpenSSH 10.0p2.

https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-April/000163.html
- - -
OpenSSH portable 10.0p1 n’existera pas. Ce sera connue comme OpenSSH 10.0p2.

// Publication en anglais //

lists.mindrot.org[openssh-unix-announce] Announce: OpenSSH 10.0 released

#OpenSSH #SSH

**KielKontrovers Blog** @kielkontrovers@norden.social · 1d

KielKontrovers Blog @kielkontrovers@norden.social

#OpenSSH 10.0 Released

https://undeadly.org/cgi?action=article;sid=20250410053152

undeadly.orgOpenSSH 10.0 Released

#Openbsd #SSH

**Senioradmin** @Haydar · 1d *

1d *

Senioradmin @Haydar

#OpenSSH 9.8 und höher kommt allmählich auf die Server. Da wird die Option PerSourcePenalties interessant (siehe https://undeadly.org/cgi?action=article;sid=20240607042157 ) die fail2ban u.ä. überflüssig machen könnte.

Konfig-Beispiele sind aber noch rar gesät. Nach der manpage zu urteilen, sollte aber

PerSourcePenalties authfail:3600s

dafür sorgen dass IPs, die Brute-Force Attacken fahren für 1 Stunde geblockt werden, korrekt?

undeadly.orgOpenSSH introduces options to penalize undesirable behavior

#SSH

**Peter N. M. Hansteen** @pitrh@mastodon.social · 1d

Peter N. M. Hansteen @pitrh@mastodon.social

OpenSSH 10.0 Released https://www.undeadly.org/cgi?action=article;sid=20250410053152 #openbsd #openssh #ssh #security #networking #development #newrelease #devops #sysadmin #freesoftware #libresoftware

www.undeadly.orgOpenSSH 10.0 Released

**ティージェーグレェ** @teajaygrey@snac.bsd.cafe · 1d *

1d *

ティージェーグレェ @teajaygrey@snac.bsd.cafe

Ooph, updated the sshd-session.c patch that MacPorts uses (to try to sandbox things, whoever did that was before my time) and while the patch I modified applies OK, the OpenSSH 10.0p1 build still fails with MacPorts' additional "special sauce".

I updated the Trac issue with as far as I got here:

https://trac.macports.org/ticket/72317

But I need to step AFK for a while and won't be able to look at this again for several hours.

If others want to take a crack at it and fix whatever I failed to get correct, contributions are more than welcome!

Thanks!

(and here I was thinking the legacy_dsa variant removal would be my potential stumbling block. Nope! sigh I should have tested the snapshot more thoroughly I guess, but I still don't have a functional mpbb locally and I don't even want to get into my "methodology" for diffing this stuff locally, it's basically line by line with not such great tools.)

Near as I can discern sshd-session.c got reworked a bit since 9.9p2 and my shoot from the hip attempt is insufficient.

#OpenSSH #MacPorts

trac.macports.org#72317 (update OpenSSH 10.0p1) – MacPorts

**RenézuCode** @ReneRebe@chaos.social · 2d

RenézuCode @ReneRebe@chaos.social

#OpenSSH 10.0 Released with Major #Security and #Performance Upgrades https://medium.com/p/openssh-10-0-released-with-major-security-and-performance-upgrades-f7d61012b96e?source=social.tw

Medium · 2dOpenSSH 10.0 Released with Major Security and Performance UpgradesBy René Rebe's IT News

**r1w1s1** @r1w1s1@snac.bsd.cafe · 2d

r1w1s1 @r1w1s1@snac.bsd.cafe

OpenSSH 10.0 is out!

One of the most critical tools in any Unix admin’s toolbox just got even better.

Release notes: https://www.openssh.com/releasenotes.html#10.0p1

Huge thanks to the OpenSSH devs for keeping the Internet safer with every release.

#openssh #linux #openbsd #bsd

www.openssh.comOpenSSH: Release NotesOpenSSH release notes

**Raven** @raven@bsd.cafe · 2d

Raven @raven@bsd.cafe

OpenSSH 10.0 released with hybrid post-quantum algorithm mlkem768x25519-sha256 as default key agreement, new cipher preference list, new options, bug fixes

https://www.openssh.com/releasenotes.html

www.openssh.comOpenSSH: Release NotesOpenSSH release notes

#openssh #openbsd #infosec

**LavX News** @lavxnews@mastodon.cloud · 2d

LavX News @lavxnews@mastodon.cloud

OpenSSH 10.0: A Leap Forward in Secure Shell Technology

The release of OpenSSH 10.0 introduces significant enhancements in security and functionality, solidifying its status as a cornerstone of secure communications in the tech industry. With new features ...

https://news.lavx.hu/article/openssh-10-0-a-leap-forward-in-secure-shell-technology

#news #tech #OpenSSH

Continued thread

**Bryan Steele** @brynet@bsd.network · 2d

Bryan Steele @brynet@bsd.network

#OpenSSH 10.0 release notes: https://www.openssh.com/txt/release-10.0

In addition to removing DSA, this splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. Also only #OpenBSD, this new sshd-authd is relinked on boot, just like sshd-session & sshd.

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · 3d *

3d *

Kevin Karhan @kkarhan@infosec.space

@JessTheUnstill @Pibble

And yes, I treat all devices as insecure and would rather invest the time and effort needed get #TechIlliterates up to speed on the #OfflinePGP method!

Sounds cumbersome, but when your threat model literally goes against the #1 #Hacking #Regime (#USA) with more #Exploits stockpiled than any hacking forum (cuz #NOBUS doctrine), you gotta have to upgrade.

Given the cheapness of storage (legitimate 1TB microSD cards exist and they ain't 4-digit items!) I'd legitimately look into #OTP #encryption and (IF I had the €€€€€€ to do so!) would even sponsor implementing it in #OpenVPN, #WireGuard and #OpenSSH (for #SSH-Tunmeling).