SSH KexAlgorithm warning

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.28
How are you able to access your server: The webadmin, SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

By accessing the server via ssh we get this warning from the ssh client:

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

So, reading OpenSSH: Post-Quantum Cryptography, and as our ssh server is at version 9.2 (current in Debian YNH),

we «should» add the mlkem768x25519-sha256 algorithm to /etc/ssh/sshd_config in the KexAlgorithms section (and/or sntrup761x25519-sha512).

Do you think it’s better to wait until the ynh-team makes these changes, or will this require a manual intervention (and so be rewritten when the system upgrades)?

Currently it is not a problem, maybe in the future, but getting rid of these warnings is good for my mental health :smiley:

Thank you.

Edit: yes, we can also hide this warning. Not so clever, in my opinion.

Share relevant logs or error messages

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to “store now, decrypt later” attacks.
** The server may need to be upgraded. See OpenSSH: Post-Quantum Cryptography
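As an added illustration (not YunoHost's template nor OpenSSH's code): a POSIX shell helper that builds a KexAlgorithms line with the post-quantum hybrids first, limited to what `ssh -Q kex` reports the local binary supports, and checks `sshd -T` output for one. It assumes the Debian default `Include /etc/ssh/sshd_config.d/*.conf` at the top of sshd_config, so a drop-in file survives template regeneration and, because sshd keeps the first value it reads for a directive, takes precedence over the template's line; the availability dates (sntrup761x25519-sha512 from OpenSSH 8.5, mlkem768x25519-sha256 from 9.9) are taken from the OpenSSH release notes.

```shell
#!/bin/sh
# Added example (not YunoHost's or OpenSSH's code): prefer post-quantum hybrid
# key exchanges in sshd while only naming algorithms the local binary supports.

# Hybrids in order of preference. Availability assumed from OpenSSH release
# notes: sntrup761x25519-sha512 since 8.5, mlkem768x25519-sha256 since 9.9.
PQ_KEX="mlkem768x25519-sha256 sntrup761x25519-sha512"
# Classical fallbacks (the Mozilla-style list the thread mentions).
CLASSIC_KEX="curve25519-sha256 curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256"

# build_kex_line SUPPORTED  (SUPPORTED = output of `ssh -Q kex`, one per line)
# Prints "KexAlgorithms a,b,c" containing only known names: an unknown name
# makes sshd reject its config ("Bad SSH2 KexAlgorithms") and fail to start.
build_kex_line() {
    supported="$1"
    out=""
    for alg in $PQ_KEX $CLASSIC_KEX; do
        if printf '%s\n' "$supported" | grep -qxF "$alg"; then
            out="${out:+$out,}$alg"
        fi
    done
    printf 'KexAlgorithms %s\n' "$out"
}

# has_pq_kex SSHD_T  (SSHD_T = output of `sshd -T`, the effective config)
# Returns 0 when a post-quantum hybrid is in the effective kex list, else 1.
has_pq_kex() {
    kex=$(printf '%s\n' "$1" | awk '$1 == "kexalgorithms" { print $2 }')
    for alg in $PQ_KEX; do
        case ",$kex," in *",$alg,"*) return 0 ;; esac
    done
    return 1
}

# Stand-alone run on a host with OpenSSH: print the drop-in line to install as
# /etc/ssh/sshd_config.d/10-pq-kex.conf (assumed Include path), then `sshd -t`
# validates it before a restart.
if command -v ssh >/dev/null 2>&1 && command -v sshd >/dev/null 2>&1; then
    build_kex_line "$(ssh -Q kex)"
    if has_pq_kex "$(sshd -T 2>/dev/null)"; then
        echo "effective config already offers a post-quantum kex"
    else
        echo "no post-quantum kex in effective config (or sshd -T needs root)"
    fi
fi
```

On OpenSSH 9.2 the helper emits only sntrup761x25519-sha512 as the hybrid, since mlkem768x25519-sha256 is not in that version's `ssh -Q kex` list.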

Ideally the change should be made in the configuration template, don’t know about the compatibility with client software though :person_shrugging:


What ssh client is it?

OpenSSH_10.2p1, OpenSSL 3.6.0 1 Oct 2025


Is that something that the Yunohost project can fix via a future update?

Yes, as @orhtej2 said, adding sntrup761x25519-sha512 to the configuration template (as the current ssh version in YNH is 9.2).

I have manually added this KexAlgorithm on one of my servers and now I don’t get this warning message.

Remember that this is a warning, not a problem nor an error.

We are using Mozilla’s recommendation for SSH ciphers, algorithms, etc.: OpenSSH

However, that recommendation hasn’t been updated in years.

In an ideal world we would find some new recommendation from a trustable third party who do know what they are doing, such that we don’t end up bikeshedding on ciphers etc. and adding stuff to the configuration just because “someone on the internet told me to add this” and whatever…

Also, having a warning about “post quantum”, “store now, decrypt later” honestly feels quite arguable… I mean, first you need to believe in quantum computing, and second you must be in such a threat model that a malicious actor is so interested in what you’re doing that they are willing to

  1. sniff your network traffic
  2. save it for dozens of years
  3. until someday they can access hypothetical quantum computers
  4. and finally decrypt your traffic

I mean, I suppose if you’re managing critical infrastructure like nuclear reactors and want to protect yourself from other state actors willing to take control of your infrastructure, that makes sense, but urrrgh.
