#post-quantum

OpenSSH 10.4 was released, adding experimental support for a composite post-quantum signature scheme combining ML-DSA 44 and Ed25519. Additionally, on Linux, sshd will now refuse to start if SECCOMP or NONEWPRIVS sandbox features are not enabled. This is significant because SSH is a critical infrastructure tool used for secure remote access worldwide; post-quantum signature support future-proofs SSH against potential quantum computer attacks. The stricter sandbox enforcement improves security by ensuring sshd runs in a confined environment, reducing the impact of potential vulnerabilities. The post-quantum signature scheme follows an IETF draft and combines ML-DSA 44 (a NIST-standardized lattice-based algorithm) with Ed25519. On Linux, if sshd is compiled with sandbox support and the system lacks SECCOMP or NONEWPRIVS, the daemon will now fail to start instead of merely logging an error.