Skip to content

ssh client warns about insecure key exchange algorithm in a post-quantum world. #554

Description

@cmd-ntrf

When connecting to Magic Castle, ssh client of version >= 10.0 produces the following warning:

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

Post-quantum key agreement (KexAlgorithms) was introduced in OpenSSH 9. Magic Castle depends on RHEL choice of OpenSSH server version.

  • RHEL 10: OpenSSH 9.9
  • RHEL 9: OpenSSH 8.7
  • RHEL 8: OpenSSH 8.0

Until Magic Castle supports EL10, the warning will be around.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions