OpenSSH
Is PQC enabled? — quick check
macOS / Linux / Windows OpenSSH
ssh -v -o KexAlgorithms=mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com user@host 2>&1 | grep -iE "kex: (host key )?algorithm|unable to negotiate|their offer"
Expected when PQC is ON
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
What you'll see when PQC is OFF
Unable to negotiate with 1.2.3.4 port 22: no matching key exchange method found.
Their offer: curve25519-sha256,ecdh-sha2-nistp256,...
If you see the 'Unable to negotiate' line, the remote sshd predates OpenSSH 9.x or has hybrid KEX disabled.
OpenSSH added the hybrid post-quantum key exchange
sntrup761x25519-sha512@openssh.com in 9.0 (Apr 2022) and
mlkem768x25519-sha256 in 9.9 (Sep 2024). 9.9+ enables ML-KEM hybrid by
default ahead of classical X25519.
Check your version
# Offer to install the client if ssh is missing (apt-get: Debian/Ubuntu only)
if ! command -v ssh >/dev/null 2>&1; then
    echo 'OpenSSH client was not found.'
    printf 'Install OpenSSH client now? [y/N] '; read -r answer
    case "$answer" in
        [Yy]*) sudo apt-get update && sudo apt-get install -y openssh-client ;;
        *) exit 1 ;;
    esac
fi
ssh -V
# OpenSSH_9.9p1, ...
Force the order (server)
In /etc/ssh/sshd_config:
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
Force the order (client)
In ~/.ssh/config:
Host *
    KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256
Verify
# Offer to install the client if ssh is missing (apt-get: Debian/Ubuntu only)
if ! command -v ssh >/dev/null 2>&1; then
    echo 'OpenSSH client was not found.'
    printf 'Install OpenSSH client now? [y/N] '; read -r answer
    case "$answer" in
        [Yy]*) sudo apt-get update && sudo apt-get install -y openssh-client ;;
        *) exit 1 ;;
    esac
fi
ssh -v user@host 2>&1 | grep "kex: algorithm"
# expect: kex: algorithm: mlkem768x25519-sha256
Why this matters
SSH sessions to long-lived servers are a juicy target for "harvest now, decrypt later". Enabling hybrid PQC on every SSH endpoint you control is one of the highest-leverage moves you can make this year.
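
To audit the preference order set under "Force the order" across many hosts without opening a session to each, the effective KexAlgorithms list can be graded directly. The script below is an added example, not part of the original page or of OpenSSH; the function names and the sample output are constructed for illustration. It distinguishes "hybrid PQ offered" from "hybrid PQ preferred", which matters because SSH picks the first algorithm on the client's list that the server also supports.

```shell
#!/bin/sh
# Added example: grade a KexAlgorithms preference list for hybrid PQ key exchange.

# Succeed if $1 is a hybrid post-quantum KEX name. The unsuffixed sntrup name
# is the IANA-assigned alias of the @openssh.com one.
is_pq_kex() {
    case "$1" in
        mlkem768x25519-sha256) return 0 ;;
        sntrup761x25519-sha512|sntrup761x25519-sha512@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `ssh -G host` or `sshd -T` output on stdin and print the effective
# comma-separated list from its "kexalgorithms <list>" line.
kex_from_config() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }'
}

# Print pq-first, pq-not-first, classical-only or empty for the list in $1.
classify_kex() {
    [ -n "$1" ] || { echo empty; return 0; }
    pos=0 result=classical-only
    old_ifs=$IFS; IFS=,
    for alg in $1; do
        pos=$((pos + 1))
        if is_pq_kex "$alg"; then
            # Position of the first PQ entry decides the grade.
            if [ "$pos" -eq 1 ]; then result=pq-first; else result=pq-not-first; fi
            break
        fi
    done
    IFS=$old_ifs
    echo "$result"
}

# Constructed sample of `sshd -T` output (not captured from a real host).
SAMPLE_SSHD_T='port 22
kexalgorithms curve25519-sha256,mlkem768x25519-sha256,ecdh-sha2-nistp256
ciphers chacha20-poly1305@openssh.com'

classify_kex "$(printf '%s\n' "$SAMPLE_SSHD_T" | kex_from_config)"
```

On a real system, pipe `ssh -G user@host` (client side) or `sudo sshd -T` (server side) into `kex_from_config` and pass the result to `classify_kex`; anything other than `pq-first` means the order still needs fixing.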