SSH into L5 (Byzantium)

Yesterday I’ve had to update my MacBook to to MacOS 26.5.1 and on SSH from this into the L5 via USB tethering it now said:

$ ssh purism@10.42.0.1
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Linux pureos 6.6.0-1-librem5 #2 SMP PREEMPT 6.6.139pureos1 2026-05-16 18:17:42 UTC aarch64
Last login: Mon Jun  8 11:15:22 2026 from 10.42.0.18
OK
inhibiting suspend ...
purism@pureos:~$

The explanation I’ve got from AI was that future post quantum servers could break into such sessions.

Its recommendation was:

How to Fix or Suppress It

  1. Upgrade the Server (Recommended)
    If you manage the server you
    are connecting to, upgrade the OS and OpenSSH to version 9.9 or
    higher to enable modern key exchange algorithms like
    mlkem768x25519-sha256 or sntrup761x25519-sha512

  2. Suppress the Warning on Your Client Machine
    If you cannot upgrade
    the server (e.g., connecting to services like Bitbucket or Microsoft
    Azure DevOps), you can silence the warning on your local computer.
    Open your ~/.ssh/config file and add the following lines:

vim ~/.ssh/config

Host *
  IgnoreUnknown WarnWeakCrypto
  WarnWeakCrypto no-pq-kex

Yes, that is the meaning of “store now, decrypt later”.

An attacker could record the entire encrypted SSH session now, storing it until such time in the future when the key exchange algorithm (presumably Diffie-Hellman) can be broken by a Quantum Computer. Then, from the now broken encryption the attacker may be able to extract a plaintext password (although apparently you are not using one) but in any case break the confidentiality of the SSH session.

The whole thing is less of an issue with a local session (as is apparently the case, given the 10/8 IP address). If someone is recording your local network sessions then you may already have a fairly serious security problem. It is much more of an issue for SSH sessions over the public internet.

Since byzantium is basically not the official release now, you should upgrade to crimson. I don’t know what version of the SSH server that will get you but for sure that upgrade is a starting point i.e. see whether the warning goes away once the phone is running crimson.

1 Like

PS to my previous post:

Unfortunately crimson only gets you to 9.2

Looks like dawn will get you to 10.0

So upgrade to crimson now, upgrade to dawn as soon as it is released - then supersede any confidential material that has been transmitted over the internet using earlier versions of SSH … for those who take their security very seriously.

1 Like

…or perhaps don’t listen to LLM’s confabulation, upgrade to crimson and find out that it’s enough to get rid of the warning.

6 Likes

One of my other L5 devices runs Crimson and the situation is like this:

$ telnet l5 22
Trying 192.168.178.49...
Connected to l5.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10

Invalid SSH identification string.
Connection closed by foreign host.

$ ssh purism@l5
Linux pureos 6.12.0-1-librem5 #2 SMP PREEMPT 6.12.89pureos1~cri1 2026-05-16 17:47:56 UTC aarch64

You have no mail.
Last login: Wed Jun 10 00:11:32 2026
OK
inhibiting suspend ...
purism@pureos:~$

i.e. OpenSSH 9.2p1 and no warning (after deleting the config in ~/.ssh/config)

1 Like

Then the way forward is clear. Right?


Despite the fact that I didn’t verify that AI was able to give the right target version of OpenSSH, almost everything I have written above is correct anyway.

For those that really want to look into it

ssh -Q kexalgorithms

will list the supported Key Exchange algorithms. On desktop I’m on OpenSSH 9.6 and I do see “sntrup761x25519-sha512” but not the first listed algorithm.

AI appears to be right that I need OpenSSH 9.9 in order to get “mlkem768x25519-sha256”.

So the right target version depends on whether the goal is

a) to get rid of the warning message by starting the Post-Quantum journey (need 9.0 - so crimson)

or

b) to get both of the listed Post-Quantum key exchange algorithms (need 9.9 - so dawn unless someone backports).

This is now a bit off topic, or at least off-L5, but related to our thread. I’ve an Linux server on port 22, and a podman container running on this and port 6022 gets forwarded to its SSH daemon on port 22. Both system run as SSH daemon SSH-2.0-OpenSSH_9.6:

$ telnet 10.23.33.32 22
Trying 10.23.33.32...
Connected to srap57dxr1.dev.oclc.org.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.6
$ telnet 10.23.33.32 6022
Trying 10.23.33.32...
Connected to srap57dxr1.dev.oclc.org.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.6

A SSH session to the podman container 6022 gives the warning, the other to port 22 does not:

$ ssh -p 6022 sisis@10.23.33.32
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Last login: Wed Jun 10 10:48:14 2026 from 10.0.2.100
sisis@ae46c2c7222e:~>

Why is this?

(in the container)

Did you check using ssh -Q ... as suggested above?

Maybe check your /etc/ssh/sshd_config to make sure that the server isn’t excluding some Key Exchange algorithms. man sshd_config to see what it says is default for KexAlgorithms.

The above web site is really good for checking the security configuration of a SSH installation and suggesting improvements.

Here is the source.