Warning: connection is not using a post-quantum key exchange algorithm

The issue

OpenSSH (or any tool that depends on it) might display a warning about the "store now, decrypt later" attack.

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

The warning is a proactive measure to encourage the migration to quantum-resistant standards. There is no immediate risk. (Reference)

The Fix

Option 1:

1) Upgrade the remote server to OpenSSH 10+.

Option 2:

1) If you do not own the server or you are not sure if the server has already been upgraded, you can enforce the KEX via client-side configuration. For example, in MacOS:

$ nano ~/.ssh/config

# All Hosts
Host *
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256

# Certain Hosts
Host x.x.x.x y.y.y.y z.z.z.z
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256

2) If the connection is successful and you no longer see the warning, this indicates the server is already upgraded, but the default is still the old algorithm.

3) If the connection negotiation is not successful, this indicates the server is not ready. You will need to stick to one of the available algorithms.

Unable to negotiate with x.x.x.x port yy: no matching key exchange method found. Their offer: aaa, bbb, ccc

Option 3:

1) Add the following to suppress the warning.

$ nano ~/.ssh/config

Host *
WarnWeakCrypto no-pq-kex