Update to a current OpenSSH client & server to be post quantum crypto safe
Daniel Nashed – 18 February 2026 00:37:55
Today I got an interesting warning. This was on Windows -- not on Linux.
The log message took me to this OpenSSH info page -> https://www.openssh.org/pq.html
This isn't OpenSSL. This is about OpenSSH.
OpenSSH decided to add a security warning in the latest versions to warn for sessions connecting to older OpenSSH server versions with the following warning.
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
If you are running for example on Ubuntu 24.04 LTS you are on the safe side.
The version in use is currently version 9.6
ssh -V
OpenSSH_9.6p1 Ubuntu-3ubuntu13.14, OpenSSL 3.0.13 30 Jan 2024
The next LTS version 26.04 -- which is planned for April 2026 -- will bring at least
ssh -V
OpenSSH_10.2p1 Ubuntu-2ubuntu1, OpenSSL 3.5.3 16 Sep 2025 (I am running it already for testing)
The interesting part are those two two key exchange algorithm
- sntrup761x25519-sha512@openssh.com
- mlkem768x25519-sha256 (in OpenSSH 10.x and higher)
The first key exchange algorithm is already in OpenSSH 9.6.
It's an hybrid algorithm which is regarded as quantum computing safe.
But OpenSSH switched to a newer algorithm in 10.x.
Even if you are not getting this warning, if you don't have any client with OpenSSH version which prints this warning, it makes sense to look at your version and make sure you are running the latest version supported by your OS.
This also includes OpenSSH servers for Windows!
The link above has more details about why this is important today. It would be a major concern if you are a normal customer.
But it makes sense to update OpenSSH versions anyhow.
This would be a client and server requirement! And it also affects clients like MobaXterm which might use embedded libs.
There are ways to use external SSH versions. I would not be too concerned. But looking into the latest versions for your SSH client/server software and installing the latest OpenSSL version is always a good idea.
ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup761x25519-sha512
sntrup761x25519-sha512@openssh.com
mlkem768x25519-sha256
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}