OpenSSH 10.0 released

OpenSSH
10.0 has been released. Support for the DSA signature algorithm,
which was disabled by default beginning in 2015, has been
removed. Other notable changes include using the post-quantum algorithm mlkem768x25519-sha256
for key agreement by default, support for systemd-style socket
activation in Portable OpenSSH, and moving code for user
authentication from the sshd-session binary to the new
ssh-auth binary:

Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after the authentication phase completes. This change
should be largely invisible to users, though some log messages may now
come from 'sshd-auth' instead of 'sshd-session'. Downstream
distributors of OpenSSH will need to package the sshd-auth binary.

The release notes also warn that 'software that naively matches
versions using patterns like 'OpenSSH_1*'' may be confused by the
new version number.