Skip to content
Home » OpenSSH 9.6 Arrives: Patching Up and Powering Up

OpenSSH 9.6 Arrives: Patching Up and Powering Up

OpenSSH, the workhorse of secure remote access, has received a welcome update with version 9.6. This release doesn’t just patch security holes, it also throws in some handy new features to keep your remote connections running smoothly and securely.

OpenSSH 9.6: Key fixes

OpenSSH 9.6 addresses three key vulnerabilities:

  • Terrapin Tamed: A malicious technique known as “Terrapin” could weaken secure connection establishment. OpenSSH 9.6 shuts this door with clever protocol tweaks.
  • Shell Surprise Squashed: A vulnerability that allowed attackers to inject malicious commands through login and hostnames containing special characters. This update nips that trick in the bud.
  • PKCS#11 Key Control Enhanced: OpenSSH 9.6 ensures proper access restrictions for all PKCS#11 keys, not just the first one.
OpenSSH 9.6
OpenSSH 9.6

Additional updates

OpenSSH 9.6 isn’t all about plugging holes; it also brings some useful additions:

  • ProxyJump Made Easy: The “%j” substitution in ssh simplifies referencing the ProxyJump hostname in your configurations.
  • Channel Timeout for Idle Connections: Want to keep your SSH sessions lean and mean? The new ChannelTimeout option lets you gracefully disconnect inactive channels.
  • ED25519 Fans Rejoice: OpenSSH 9.6 now supports reading ED25519 private keys in PEM PKCS8 format, offering more key choices and cryptographic flexibility.
  • Granular Signature Algorithm Control: A new protocol extension lets you fine-tune signature algorithms for different users, enhancing security customization.
  • PKCS#11 Certificate Synergy: Unleash the power of certificates stored in your PKCS#11 tokens across all OpenSSH utilities that support ssh-agent.

That’s about the key updates in this bug fix minor release.

In summary, OpenSSH 9.6 is a worthwhile upgrade. Update your systems and keep your device secure. Remember: Strong passwords and proper key management remain crucial security practices, even with OpenSSH 9.6’s improvements.

This version should arrive in all major Linux distribution repositories within this week as of publishing this.

You can download the source from this page.

Via release announcement

Recent articles from

Notify of

Inline Feedbacks
View all comments