this post was submitted on 11 Aug 2025
28 points (100.0% liked)

Linux

9630 readers
124 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
28
Post-Quantum Cryptography Advice Added to OpenSSH Website (undeadly.org)
submitted 1 month ago by cm0002@piefed.world to c/linux@programming.dev
1 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] fraksken 11 points 1 month ago

OpenSSH has offered post-quantum key agreement (KexAlgorithms) by default since release 9.0 (2022), initially via the sntrup761x25519-sha512 algorithm. More recently, in OpenSSH 9.9, we have added a second post-quantum key agreement mlkem768x25519-sha256 and it was made the default scheme in OpenSSH 10.0.

To encourage migration to these stronger algorithms, OpenSSH 10.1 will warn the user when a non post-quantum key agreement scheme is selected. These warnings are displayed by default but may be disabled via the WarnWeakCrypto option in ssh_config(5).