backporting sntrup761x25519-sha512 key exchange to OpenSSH 8.9-9.8
Theo de Raadt
deraadt at openbsd.org
Tue Aug 12 14:40:26 AEST 2025
Damien Miller <djm at mindrot.org> wrote:
> Hi,
>
> I have just made a series of commits to the stable branches of portable
> OpenSSH versions 8.9 through 9.8 to enable the "sntrup761x25519-sha512"
> key agreement algorithm.
>
> This algorithm is the IANA-allocated name for the existing post-quantum
> algorithm "sntrup761x25519-sha512 at openssh.com". Apart from the name,
> "sntrup761x25519-sha512" is completely identical and it was only a
> trivial change to enable the new standard name as an additional
> alias.
It's been pointed out there are some lazy people :-)
So this is the tiny change to pickup:
https://github.com/openssh/openssh-portable/commit/ffdbae4c0201d42bfa1f5c5e9c21454d10795491
That probably patches into most of the versions above 8.9 or you can find
the exact patch you need.
More information about the openssh-unix-dev
mailing list