OpenSSH has released version 10.2, a critical bugfix update to its 100% complete implementation of the SSH 2.0 protocol, which includes both an sftp client and server. The primary fix in this release addresses a stability problem in ssh(1), where sessions became unusable if the ControlPersist feature was enabled, a fault tracked internally.
The OpenSSH 10.2 update delivers several other key corrections for developers and system administrators. The ssh-keygen(1) utility received two specific fixes: one for issues downloading keys from PKCS#11 tokens, and another correcting problems with CA signing operations when the certificate authority key is held in ssh-agent(1). Furthermore, the sshd(8) daemon now prevents setting PAM_RHOST for “UNKNOWN” remote hosts, a change implemented to avoid potential hangs in certain PAM modules.
Looking ahead, the OpenSSH development team issued a warning regarding the planned deprecation of SHA1 SSHFP DNS records in a future release, citing known weaknesses in the SHA1 hash algorithm. The more secure SHA256 algorithm is the standard and has been supported for SSHFP records since OpenSSH 6.1 in 2012.
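To prepare for that deprecation, an administrator can check which published SSHFP records still depend on SHA1. The following is an added example, not code from the OpenSSH project: it audits a zone fragment for SHA1 (fingerprint type 1) records and builds the SHA256 (type 2) replacement from a public key line. The host names, key and fingerprints are constructed sample data, and it assumes every record is written on one line with an explicit owner name.

```python
import base64, hashlib, struct

# SSHFP key-algorithm numbers (RFC 4255, 6594, 7479) and fingerprint types.
KEY_ALG = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
FP_SHA1, FP_SHA256 = 1, 2
FP_HEX_LEN = {FP_SHA1: 40, FP_SHA256: 64}

def sshfp_sha256(owner, pubkey_line):
    """Build the SHA256 SSHFP record for one line of an OpenSSH .pub file."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob starts with a length-prefixed copy of the key type; check it matches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != keytype:
        raise ValueError("key type does not match key blob")
    return f"{owner} IN SSHFP {KEY_ALG[keytype]} {FP_SHA256} {hashlib.sha256(blob).hexdigest()}"

def audit_sshfp(zone_text):
    """Return (sha1_records, sha1_only): the SHA1 records to retire, and the
    (owner, key algorithm) pairs that have no SHA256 record published yet."""
    seen, sha1_records = {}, []
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()          # drop zone-file comments
        if "SSHFP" not in f:
            continue
        i = f.index("SSHFP")
        owner, alg, fptype = f[0], int(f[i + 1]), int(f[i + 2])
        fp = "".join(f[i + 3:]).lower()         # fingerprint may be split by spaces
        if len(fp) != FP_HEX_LEN.get(fptype, -1):
            raise ValueError(f"bad fingerprint length for {owner}")
        seen.setdefault((owner, alg), set()).add(fptype)
        if fptype == FP_SHA1:
            sha1_records.append((owner, alg, fp))
    sha1_only = sorted(k for k, types in seen.items() if FP_SHA256 not in types)
    return sha1_records, sha1_only

# Constructed sample data: a made-up Ed25519 key blob and a made-up zone fragment.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " root@example"
SAMPLE_ZONE = "\n".join([
    "host1.example.org. IN SSHFP 4 1 " + "ab" * 20,
    "host1.example.org. IN SSHFP 4 2 " + "cd" * 32,
    "host2.example.org. 3600 IN SSHFP 1 1 " + "ef" * 20 + " ; legacy RSA",
])

if __name__ == "__main__":
    print(audit_sshfp(SAMPLE_ZONE))
    print(sshfp_sha256("host2.example.org.", SAMPLE_PUB))
```

Hosts listed in `sha1_only` need a SHA256 record published before the SHA1 one is withdrawn; on a real host, `ssh-keygen -r` prints the records for its keys.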
The release also includes several portability improvements. It now supports platforms without the mmap(2) system call, such as WASM, and resolves specific build issues encountered on FreeBSD and on macOS versions older than 10.12 Sierra.


