Yesterday I’ve had to update my MacBook to to MacOS 26.5.1 and on SSH from this into the L5 via USB tethering it now said:
$ ssh purism@10.42.0.1
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Linux pureos 6.6.0-1-librem5 #2 SMP PREEMPT 6.6.139pureos1 2026-05-16 18:17:42 UTC aarch64
Last login: Mon Jun 8 11:15:22 2026 from 10.42.0.18
OK
inhibiting suspend ...
purism@pureos:~$
The explanation I’ve got from AI was that future post quantum servers could break into such sessions.
Its recommendation was:
How to Fix or Suppress It
Upgrade the Server (Recommended)
If you manage the server you
are connecting to, upgrade the OS and OpenSSH to version 9.9 or
higher to enable modern key exchange algorithms like
mlkem768x25519-sha256 or sntrup761x25519-sha512
Suppress the Warning on Your Client Machine
If you cannot upgrade
the server (e.g., connecting to services like Bitbucket or Microsoft
Azure DevOps), you can silence the warning on your local computer.
Open your ~/.ssh/config file and add the following lines:
vim ~/.ssh/config
Host *
IgnoreUnknown WarnWeakCrypto
WarnWeakCrypto no-pq-kex
Yes, that is the meaning of “store now, decrypt later”.
An attacker could record the entire encrypted SSH session now, storing it until such time in the future when the key exchange algorithm (presumably Diffie-Hellman) can be broken by a Quantum Computer. Then, from the now broken encryption the attacker may be able to extract a plaintext password (although apparently you are not using one) but in any case break the confidentiality of the SSH session.
The whole thing is less of an issue with a local session (as is apparently the case, given the 10/8 IP address). If someone is recording your local network sessions then you may already have a fairly serious security problem. It is much more of an issue for SSH sessions over the public internet.
Since byzantium is basically not the official release now, you should upgrade to crimson. I don’t know what version of the SSH server that will get you but for sure that upgrade is a starting point i.e. see whether the warning goes away once the phone is running crimson.
So upgrade to crimson now, upgrade to dawn as soon as it is released - then supersede any confidential material that has been transmitted over the internet using earlier versions of SSH … for those who take their security very seriously.
One of my other L5 devices runs Crimson and the situation is like this:
$ telnet l5 22
Trying 192.168.178.49...
Connected to l5.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10
Invalid SSH identification string.
Connection closed by foreign host.
$ ssh purism@l5
Linux pureos 6.12.0-1-librem5 #2 SMP PREEMPT 6.12.89pureos1~cri1 2026-05-16 17:47:56 UTC aarch64
You have no mail.
Last login: Wed Jun 10 00:11:32 2026
OK
inhibiting suspend ...
purism@pureos:~$
i.e. OpenSSH 9.2p1 and no warning (after deleting the config in ~/.ssh/config)
Despite the fact that I didn’t verify that AI was able to give the right target version of OpenSSH, almost everything I have written above is correct anyway.
For those that really want to look into it
ssh -Q kexalgorithms
will list the supported Key Exchange algorithms. On desktop I’m on OpenSSH 9.6 and I do see “sntrup761x25519-sha512” but not the first listed algorithm.
AI appears to be right that I need OpenSSH 9.9 in order to get “mlkem768x25519-sha256”.
So the right target version depends on whether the goal is
a) to get rid of the warning message by starting the Post-Quantum journey (need 9.0 - so crimson)
or
b) to get both of the listed Post-Quantum key exchange algorithms (need 9.9 - so dawn unless someone backports).
This is now a bit off topic, or at least off-L5, but related to our thread. I’ve an Linux server on port 22, and a podman container running on this and port 6022 gets forwarded to its SSH daemon on port 22. Both system run as SSH daemon SSH-2.0-OpenSSH_9.6:
$ telnet 10.23.33.32 22
Trying 10.23.33.32...
Connected to srap57dxr1.dev.oclc.org.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.6
$ telnet 10.23.33.32 6022
Trying 10.23.33.32...
Connected to srap57dxr1.dev.oclc.org.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.6
A SSH session to the podman container 6022 gives the warning, the other to port 22 does not:
$ ssh -p 6022 sisis@10.23.33.32
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Last login: Wed Jun 10 10:48:14 2026 from 10.0.2.100
sisis@ae46c2c7222e:~>
Did you check using ssh -Q ... as suggested above?
Maybe check your /etc/ssh/sshd_config to make sure that the server isn’t excluding some Key Exchange algorithms. man sshd_config to see what it says is default for KexAlgorithms.