Feature #16423
Enable Post Quantum Crypto Support in SSH Server
Status: open (0% done)
Description
The SSH server in 25.07.1 uses OpenSSH_9.7p1 which natively supports one PQC (post quantum crypto) key exchange algorithm.
/etc/ssh/sshd_config has the following setting:
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
This should be updated to:
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
This will maintain compatibility with existing clients, but offer PQC to newer clients.
Updated by KStar Runner 6 days ago
One should also consider removing support for AES-128. Based on Grover's Algorithm, AES's strength is cut in half. While AES-256 (and other 256bit symmetric crypto) is fine, 128bit symmetric crypto (like AES-128) is not.
Current:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Recommended:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
There isn't any remotely modern SSH client that doesn't support AES-256. Plus, with CPU acceleration for AES (like AES-NI and QAT) the performance difference is academic. And for the few systems without CPU acceleration, SSH is not a major management route to most pfSense instances anyway, so it's extremely unlikely that any user will notice.
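As an added example (not code from the ticket, from pfSense or from OpenSSH), the following POSIX sh script audits an sshd_config file for both changes discussed above: a PQC hybrid key exchange at the head of KexAlgorithms, and no AES-128 or AES-192 entries in Ciphers. The two sample configuration files it writes are constructed here from the directives quoted in the ticket, the function names (sshd_directive, kex_pqc_first, weak_ciphers, audit_sshd_config) are the example's own, and accepting the ML-KEM hybrid from later OpenSSH releases goes beyond the single algorithm that OpenSSH 9.7 ships.

```shell
#!/bin/sh
# Added example, not pfSense or OpenSSH project code. Audits an sshd_config for
# the two changes proposed in this ticket: a PQC hybrid KEX offered first, and
# no AES-128/AES-192 ciphers. POSIX sh + awk only, so it runs on a pfSense box.
# Simplifications: only the "Keyword value" form is parsed (not "Keyword=value")
# and Include files are not followed.

# Print the argument of a directive as sshd resolves it: the FIRST uncommented
# occurrence wins (see sshd_config(5)); keyword matching is case-insensitive.
sshd_directive() {
    awk -v name="$1" '
        $1 !~ /^#/ && tolower($1) == tolower(name) { print $2; exit }
    ' "$2"
}

# Succeed only if the first algorithm in a KexAlgorithms list is a PQC hybrid.
# OpenSSH 9.7 ships only sntrup761x25519-sha512@openssh.com; the ML-KEM hybrid
# added in OpenSSH 9.9 is accepted too so the check survives an upgrade.
kex_pqc_first() {
    case "$1" in
        sntrup761x25519-sha512@openssh.com|sntrup761x25519-sha512@openssh.com,*) return 0 ;;
        mlkem768x25519-sha256|mlkem768x25519-sha256,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each cipher in a Ciphers list whose key is shorter than 256 bits
# (aes128-*, aes192-*), one per line. Exit 0 when the list is clean, 1 otherwise.
weak_ciphers() {
    if printf '%s\n' "$1" | tr ',' '\n' | grep -E '^aes(128|192)-'; then
        return 1
    fi
    return 0
}

# Audit one file: print a finding per directive and return 0 only when both
# pass. Lists beginning with '+', '-' or '^' are relative to sshd's compiled-in
# defaults, which this script does not know, so they are reported for manual
# review with "sshd -T" rather than judged here.
audit_sshd_config() {
    file=$1
    status=0
    kex=$(sshd_directive KexAlgorithms "$file")
    ciphers=$(sshd_directive Ciphers "$file")

    case "$kex" in
        '')     echo "KexAlgorithms: absent, defaults apply; verify with: sshd -T | grep kexalgorithms"; status=1 ;;
        [-+^]*) echo "KexAlgorithms: relative list '$kex'; verify with sshd -T"; status=1 ;;
        *)  if kex_pqc_first "$kex"; then
                echo "KexAlgorithms: OK, PQC hybrid offered first"
            else
                echo "KexAlgorithms: FAIL, no PQC hybrid at head of list: $kex"; status=1
            fi ;;
    esac

    case "$ciphers" in
        '')     echo "Ciphers: absent, defaults apply; verify with: sshd -T | grep ciphers"; status=1 ;;
        [-+^]*) echo "Ciphers: relative list '$ciphers'; verify with sshd -T"; status=1 ;;
        *)  if weak=$(weak_ciphers "$ciphers"); then
                echo "Ciphers: OK, nothing below 256-bit keys"
            else
                echo "Ciphers: FAIL, remove: $(printf '%s' "$weak" | tr '\n' ' ')"; status=1
            fi ;;
    esac
    return "$status"
}

# Constructed sample inputs, taken from the directives quoted in the ticket
# (the rest of a real sshd_config is omitted).
current=$(mktemp)
recommended=$(mktemp)
trap 'rm -f "$current" "$recommended"' EXIT
cat >"$current" <<'EOF'
# pfSense 25.07.1 values as quoted in the ticket
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
EOF
cat >"$recommended" <<'EOF'
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
EOF

echo "== current ==";     audit_sshd_config "$current" || echo "result: needs changes"
echo "== recommended =="; audit_sshd_config "$recommended" && echo "result: compliant"
```

On a live system run audit_sshd_config against /etc/ssh/sshd_config, then compare with the effective configuration from `sshd -T`, which expands compiled-in defaults and relative (+/-/^) lists. Two caveats when judging the result: per RFC 4253 section 7.1 the negotiated KEX is the first entry in the client's list that the server also supports, so listing sntrup761x25519-sha512@openssh.com first on the server offers the PQC hybrid but does not force it on a client that prefers curve25519; and `ssh -Q kex` on a client shows whether that client can negotiate it at all.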
Updated by Steve Wheeler 6 days ago
- Status changed from New to Pull Request Review
- Target version set to 2.9.0
- Plus Target Version set to 25.11