openssh.com/pq.html: warning even without explicit kex config?
Steffen Nurpmeso
steffen at sdaoden.eu
Sun Oct 12 08:57:12 AEDT 2025
Stuart Henderson wrote in
<aOq6bTQsnKmotCVj at symphytum.spacehopper.org>:
|On 2025/10/11 19:19, SCOTT FIELDS via openssh-unix-dev wrote:
|> What is the exact warning you’re getting?
|
|the only warning which refers to pq.html is this one
|
|static void
|warn_nonpq_kex(void)
|{
| logit("** WARNING: connection is not using a post-quantum key exchange \
| algorithm.");
| logit("** This session may be vulnerable to \"store now, decrypt later\" \
| attacks.");
| logit("** The server may need to be upgraded. See https://openssh.com/pq\
| .html");
|}
|
|the warning is currently disabled if you set KexAlgorithms in config
|to anything other than the default, or if you set WarnWeakCrypto to
|'no' or 'no-pq-kex'.
I actually *had* "KexAlgorithms curve25519-sha256 at libssh.org" in
the VPN sshd configuration.
(Btw it is distressing enough to add the config key fast, at least
without ControlMaster; since now ~/.ssh is managed more actively
aka has more content, one could dream of some automated
ratelimiting for them. ... ie like .sshwarn-HOSTHASH, and then
a stat timestamp based automated cleanup. (Since my ~/.ssh is
a symlink into a fuse-encrypted volume that goes away with LID
close etc i am sure i will hate it, surely forgetting about -T so
and so often, but well.))
--End of <aOq6bTQsnKmotCVj at symphytum.spacehopper.org>
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the openssh-unix-dev
mailing list