Warning: connection is not using a post-quantum key exchange algorithm

The issue

OpenSSH (or tools that depend on it) might display a warning message about the "store now, decrypt later" attack.

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

. The warning is a proactive measure to encourage the migration to quantum-resistant standards. There is no immediate risk.

The Fix

1) Upgrade the remote server to OpenSSH 10+.

2) If you do not own the server or you are not sure if the server has already been upgraded, you can enforce the KEX via client-side configuration. For example, in MacOS:

$ nano ~/.ssh/config

Host *
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256

AI Summary

gpt-5.4-mini-2026-03-17 2026-03-26 14:18:21

OpenSSH may warn that a connection is not using a post-quantum key exchange algorithm, citing potential “store now, decrypt later” risks. The post explains that this is a proactive warning rather than an immediate security problem. The recommended fix is to upgrade the remote server to OpenSSH 10 or later, or, if that is not possible, enforce a compatible key exchange choice on the client through SSH configuration.

Chrome On-device AI 2026-03-26 14:32:50

The issue

The Fix

AI Summary

Share this Post