Feature #16423

open

Enable Post Quantum Crypto Support in SSH Server

Added by KStar Runner about 1 month ago. Updated 6 days ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
25.11
Release Notes:
Default

Description

The SSH server in 25.07.1 uses OpenSSH_9.7p1 which natively supports one PQC (post quantum crypto) key exchange algorithm.

/etc/ssh/sshd_config has the following setting:
KexAlgorithms ,diffie-hellman-group-exchange-sha256

This should be updated to:
KexAlgorithms ,,diffie-hellman-group-exchange-sha256

This will maintain compatibility with existing clients, but offer PQC to newer clients.

Actions #1

Updated by KStar Runner 6 days ago

One should also consider removing support for AES-128. Based on Grover's Algorithm, AES's strength is cut in half. While AES-256 (and other 256bit symmetric crypto) is fine, 128bit symmetric crypto (like AES-128) is not.

Current:
Ciphers ,,,aes256-ctr,aes192-ctr,aes128-ctr

Recommended:
Ciphers ,,aes256-ctr

There isn't any remotely modern SSH client that doesn't support AES-256. Plus, with CPU acceleration for AES (like AES-NI and QAT) the performance difference is academic. And for the few systems without CPU acceleration, SSH is not a major management route to most pfSense instances anyway, so it's extremely unlikely that any user will notice.
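
The two config changes proposed in this issue (the description's KexAlgorithms line and the Ciphers line in the comment above) can be checked and applied mechanically. The script below is an added example written for this page, not pfSense code and not the reporter's; the sshd_config fragment it operates on is constructed for the example and is not the file pfSense generates, while the algorithm name sntrup761x25519-sha256@openssh.com is the hybrid PQC key exchange that OpenSSH 9.x itself advertises (see `ssh -Q kex`). It goes slightly beyond the issue text in handling relative (`+`, `-`, `^`) lists and the first-value-wins rule of sshd_config.

```python
import re

# Hybrid PQC key exchange advertised by OpenSSH 9.x (`ssh -Q kex` lists it).
PQC_KEX = "sntrup761x25519-sha256@openssh.com"
# Grover's algorithm halves the effective key length, so aes128-*/aes192-*
# fall below the 128-bit post-quantum floor; aes256-* stays above it.
WEAK_CIPHER = re.compile(r"^aes(128|192)-")
KEYWORD = re.compile(r"^(\s*)(KexAlgorithms|Ciphers)\s+(\S+)\s*$", re.IGNORECASE)

# Constructed sample for this example; NOT the sshd_config pfSense generates.
SAMPLE_SSHD_CONFIG = """\
Port 22
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com
"""


def parse_algos(config):
    """Map keyword -> algorithm list from the FIRST matching line.
    sshd uses the first value it reads for a keyword; later lines are ignored."""
    found = {}
    for line in config.splitlines():
        m = KEYWORD.match(line)
        if m:
            found.setdefault(m.group(2).lower(), m.group(3).split(","))
    return found


def _is_relative(algos):
    # A leading '+', '-' or '^' makes the list relative to sshd's built-in default.
    return bool(algos) and algos[0][:1] in ("+", "-", "^")


def harden_kex(algos, pqc=PQC_KEX):
    """Add the hybrid PQC kex at the front and keep the rest, so clients that
    lack it still negotiate. Note that the negotiated kex is the first entry of
    the CLIENT's list the server also offers (RFC 4253 s.7.1), so server-side
    ordering only matters for documentation and for `sshd -T` output."""
    if _is_relative(algos):
        raise ValueError("relative KexAlgorithms list; edit the absolute list instead")
    return list(algos) if pqc in algos else [pqc] + list(algos)


def harden_ciphers(algos):
    """Drop AES variants with keys shorter than 256 bits."""
    if _is_relative(algos):
        raise ValueError("relative Ciphers list; edit the absolute list instead")
    return [c for c in algos if not WEAK_CIPHER.match(c)]


def rewrite(config, pqc=PQC_KEX):
    """Rewrite the first KexAlgorithms and Ciphers lines; everything else verbatim."""
    out, done = [], set()
    for line in config.splitlines():
        m = KEYWORD.match(line)
        key = m.group(2).lower() if m else None
        if key is None or key in done:
            out.append(line)
            continue
        done.add(key)
        algos = m.group(3).split(",")
        new = harden_kex(algos, pqc) if key == "kexalgorithms" else harden_ciphers(algos)
        out.append(f"{m.group(1)}{m.group(2)} {','.join(new)}")
    return "\n".join(out) + "\n"


def audit(config, pqc=PQC_KEX):
    """Report whether the PQC kex is offered and which weak ciphers remain.
    A missing or relative list means the effective set comes from sshd's
    compiled-in default; that is reported as None and must be resolved with
    `sshd -T` on the host rather than guessed here."""
    algos = parse_algos(config)
    kex = algos.get("kexalgorithms", [])
    ciphers = algos.get("ciphers", [])
    kex_unknown = not kex or _is_relative(kex)
    ciphers_unknown = not ciphers or _is_relative(ciphers)
    return {
        "pqc_offered": None if kex_unknown else pqc in kex,
        "weak_ciphers": None if ciphers_unknown else [c for c in ciphers if WEAK_CIPHER.match(c)],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_SSHD_CONFIG))
    print(rewrite(SAMPLE_SSHD_CONFIG))
    print(audit(rewrite(SAMPLE_SSHD_CONFIG)))
```

To check a live host rather than a file, feed `sshd -T` output to `audit()`: it prints the effective (already-resolved) kexalgorithms and ciphers lines, which sidesteps both the relative-list and first-value-wins questions. After changing the file, `sshd -t` validates the syntax before a restart, and `ssh -vv user@host 2>&1 | grep 'kex: algorithm'` from a client confirms which exchange was actually negotiated.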

Actions #2

Updated by Steve Wheeler 6 days ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.9.0
  • Plus Target Version set to 25.11