ETA on OpenSSH 10? #2347

Open
clin1234 opened this issue Apr 13, 2025 · 5 comments

@clin1234

Summary of the new feature / enhancement

https://www.openssh.com/txt/release-10.0

Proposed technical implementation details (optional)

No response

tgauth transferred this issue from PowerShell/openssh-portable Apr 14, 2025

mgkuhn commented Apr 27, 2025

Which change are you particularly interested in?
https://www.openssh.com/txt/release-10.0

I'm mostly interested in new workarounds for recently introduced new problems, e.g. this time

  • ssh(1): don't start the ObscureKeystrokeTiming mitigations if there has been traffic on a X11 forwarding channel recently. Should fix X11 forwarding performance problems when this setting is enabled. bz3655


mgkuhn commented Apr 27, 2025

This change sounds like the sort of thing that might involve quite a bit more work for the Windows port:

  • sshd(8): this release removes the code responsible for the user authentication phase of the protocol from the per-connection sshd-session binary to a new sshd-auth binary. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary.


KiGamji commented Apr 28, 2025

> Which change are you particularly interested in?

mlkem768x25519-sha256 key algorithm.

@alexisshaw

Also looking to start a move to PQC within our firm with support for either that or mlkem1024nistp384-sha384

The latter preferred.


pjm0616 commented May 4, 2025

OpenSSH 10 also fixes an issue (pull request) with Windows Hello:

 * ssh-keygen(1): support FIDO tokens that return no attestation
   data, e.g. recent WinHello. GHPR542
