Alert when SSHing into my server.

leehinde

I can connect just fine, but I see this:

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

ssh -V returns: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

Can I upgrade ssh on my server or is that a you thing?

sean

leehinde I suspect your local SSH client was recently upgraded to OpenSSH >= 10.1 (which introduced this particular warning). Per the linked page, the message is referencing a future problem for which no attack exists yet so there is no immediate concern.

The warning occurs only when logging in to our CentOS 7 servers (which run the older SSH version you noted) from an updated SSH client. The warning does not occur when logging in to our AlmaLinux 9 servers.

If you don't want to see the warning you have 2 options:

Migrate to an AlmaLinux 9 server, or...

Add the following line to your local ~/.ssh/config:

WarnWeakCrypto no-pq-kex

leehinde

I can ignore a warning as well as the next guy.

Thanks.