OpenSSH 8.4 was released yesterday. It includes several signifigant changes for FIDO/U2F authentication, some of which are listed as potentially-incompatible, but are still great to see. Other things that caught my eye:

scp(1), sftp(1): allow the -A flag to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it.

sshd(8): allow sshd_config longer than 256k

And I’m always pleased to see NetBSD portability notes:

sshd(8): support NetBSD’s utmpx.ut_ss address field. bz#960

This exquisitely-maintained software powers so much of the Internet. It got me thinking that for all my talk about donations, I should put my money where my mouth is and donate to the OpenBSD Foundation. Even if you’ve never heard of OpenSSH, you’ve also benefited from it.