Feature #16423: Enable Post Quantum Crypto Support in SSH Server - pfSense - pfSense bugtracker

Actions

Feature #16423

open

Status:

New

Priority:

Normal

Assignee:

Category:

Operating System

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Description

The SSH server in 25.07.1 uses OpenSSH_9.7p1 which natively supports one PQC (post quantum crypto) key exchange algorithm.

/etc/ssh/sshd_config has the following setting:
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

This should be updated to:
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

This will maintain compatibility with existing clients, but offer PQC to newer clients.

No data to display

Actions

Also available in: Atom PDF