Hi, I'm also a macOS user and have seen this since the recent update to macOS 26.3 (which bundled OpenSSH 10.0). This version now actively warns users about 'Store Now, Decrypt Later' (SNDL) risks.
While I personally recommend using AWS Systems Manager (SSM) Session Manager to access EC2 instances (as it's the AWS-recommended, more secure way that doesn't require opening port 22 or managing SSH keys), here is the technical background for your OpenSSH question:
The warning message observed in macOS 26.3 is a result of OpenSSH 10.0+ enforcing visibility on "Store Now, Decrypt Later" (SNDL) risks.
Technical:
- AL2023 Status: Currently ships with OpenSSH 8.7p1. Post-Quantum Key Exchange (specifically sntrup761) was introduced in OpenSSH 9.0.
- The Gap: Because AL2023 focuses on predictable stability, it does not automatically track the latest upstream "bleeding edge" versions.
Path Forward:
- Official Request: As of now, AWS hasn't published a specific date for the OpenSSH 9.x/10.x transition in the AL2023 repositories. I recommend monitoring the AL2023 Release Notes -> https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes.html
- Mitigation: Your current workaround (WarnWeakCrypto no-pq-kex) is the correct operational approach to maintain UX without compromising existing security.
Security Context:
- The warning is proactive. Current AES-256/ECDSA encryption is still secure against all existing classical computers. The PQC update is a 'future-proofing' measure.
Perhaps it would also be worth reporting it via https://github.com/amazonlinux/amazon-linux-2023/issues
Regarding accessing your EC2 instance via SSM, see: https://repost.aws/knowledge-center/install-ssm-agent-ec2-linux
PS: I'm not an AWS employee, just a fellow Mac/Amazon Linux user. Hope this helps!
Hello,
As you have mentioned, currently Amazon Linux 2023 (AL2023) ships with OpenSSH 8.7 which does not natively support PQC (Post-Quantum Cryptography) key exchange. This predates the post-quantum key exchange algorithms introduced in OpenSSH 9.0+ (and further enhanced in OpenSSH 10.0).
Post-Quantum Cryptography Migration Plan
AWS has published a comprehensive Post-Quantum Cryptography Migration Plan that outlines a multi-layered approach across four workstreams [1]:
--> Workstream 1: Inventory of existing systems, identification and development of new standards, testing, and migration planning.
--> Workstream 2: Integration of PQC algorithms on public AWS endpoints to provide long-lived confidentiality of customer data transmitted to AWS.
--> Workstream 3: Integration of PQC signing algorithms into AWS cryptographic services to enable customers to deploy new post-quantum long-lived roots of trust to be used for functions such as software, firmware, and document signing.
--> Workstream 4: Integration of PQC signing algorithms into AWS services to enable the use of post-quantum signatures for session-based authentication such as server and client certificate validation.
Regarding OpenSSH Updates:
While AWS is actively working on PQC integration across services, specific timelines for OpenSSH package upgrades in Amazon Linux 2023 are not available.
Unfortunately, OpenSSH is unlikely to be bumped, since the packages are subject to FIPS 140-3 validation. This version will most likely be in scope for the subsequent release of Amazon Linux.
Next Steps
You may perform the following actions:
--> Submit feedback through the Amazon Linux GitHub repository to ensure your use case is visible to the product team: https://github.com/amazonlinux/amazon-linux-2023/issues/
--> Monitor the Amazon Linux 2023 release notes for any potential OpenSSH package updates: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes.html
References
[1] PQC Migration plan: https://aws.amazon.com/blogs/security/aws-post-quantum-cryptography-migration-plan/
[2] https://github.com/amazonlinux/amazon-linux-2023/issues/894
Note: The issue/report to update OpenSSH to 9.x/10.x on GitHub is here: https://github.com/amazonlinux/amazon-linux-2023/issues/894 (👍 for the issue are welcome).
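Both answers above rest on one checkable fact: an AL2023 host on OpenSSH 8.7 never offers a post-quantum key exchange, which is exactly what an OpenSSH 10 client inspects before printing the SNDL warning. The script below, added here as an example and not code from either answer or from AWS, verifies that directly without needing a 10.x client: it speaks only the cleartext pre-KEX part of SSH-2 (RFC 4253), reads the server banner, sends its own, parses the server's SSH_MSG_KEXINIT and lists the kex algorithms the server is willing to negotiate. The probe banner string, the KEX algorithm names, the sample name-lists and any hostnames you pass in are assumptions for this example.

```python
"""pq_kex_probe.py: does an SSH server offer post-quantum key exchange?

Speaks only the unencrypted pre-KEX part of SSH-2 (RFC 4253). The probe
banner, the sample name-lists and the PQ_KEX names are this example's
assumptions, not data from the re:Post thread.
"""
import re
import socket
import struct

SSH_MSG_KEXINIT = 20
CLIENT_BANNER = b"SSH-2.0-pqprobe_0.1\r\n"  # assumed identification string

# Names OpenSSH uses for its hybrid post-quantum KEX (sntrup761 variants
# default since 9.0; mlkem768 added in 9.9 and the default in 10.0).
PQ_KEX = {
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
    "mlkem768x25519-sha256",
}


def encode_name_list(names):
    """SSH name-list: uint32 length + comma-separated ASCII names."""
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def decode_name_list(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    names = buf[off:off + n].decode("ascii").split(",")
    return [s for s in names if s], off + n


def build_kexinit(kex, hostkey=("ssh-ed25519",), cipher=("aes256-gcm@openssh.com",),
                  mac=("hmac-sha2-256",), comp=("none",)):
    """Build a KEXINIT payload (RFC 4253 s7.1); used here for constructed samples."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message id + zero cookie
    for names in (kex, hostkey, cipher, cipher, mac, mac, comp, comp, (), ()):
        payload += encode_name_list(names)
    return payload + b"\x00" + bytes(4)  # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Parse a KEXINIT payload into its ten name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16  # skip message id and the 16-byte cookie
    fields = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
    out = {}
    for name in fields:
        out[name], off = decode_name_list(payload, off)
    return out


def classify_kex(kex_list):
    """Return (offers_pq, server_preference) for a server's kex name-list."""
    return any(k in PQ_KEX for k in kex_list), (kex_list[0] if kex_list else None)


def openssh_version(banner):
    """Extract (major, minor) from an OpenSSH banner, or None for other servers."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def read_exact(f, n):
    data = f.read(n)
    if len(data) != n:
        raise ConnectionError("server closed the connection early")
    return data


def read_payload(f):
    """Read one unencrypted SSH binary packet (RFC 4253 s6) and return its payload."""
    packet_len, pad_len = struct.unpack(">IB", read_exact(f, 5))
    body = read_exact(f, packet_len - 1)
    return body[:packet_len - 1 - pad_len]


def probe(host, port=22, timeout=5.0):
    """Return (banner, kexinit_dict) for a live server; needs network access."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        while True:  # servers may send free-form lines before the banner
            line = f.readline()
            if not line:
                raise ConnectionError("no SSH banner received")
            if line.startswith(b"SSH-"):
                break
        sock.sendall(CLIENT_BANNER)
        payload = read_payload(f)
        while payload and payload[0] != SSH_MSG_KEXINIT:  # e.g. SSH_MSG_IGNORE
            payload = read_payload(f)
        return line.rstrip(b"\r\n").decode("ascii", "replace"), parse_kexinit(payload)


def report(banner, kexinit):
    offers_pq, preferred = classify_kex(kexinit["kex"])
    ver = openssh_version(banner)
    lines = [f"banner: {banner}", f"server-preferred kex: {preferred}"]
    if offers_pq:
        lines.append("post-quantum KEX offered: no SNDL warning expected")
    else:
        lines.append("no post-quantum KEX offered: OpenSSH 10 client will warn")
        if ver and ver < (9, 0):
            lines.append(f"server is OpenSSH {ver[0]}.{ver[1]}, which predates PQ KEX")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(report(*probe(sys.argv[1])))
    else:  # constructed sample standing in for an AL2023 host on OpenSSH 8.7
        sample = build_kexinit(("curve25519-sha256", "curve25519-sha256@libssh.org",
                                "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"))
        print(report("SSH-2.0-OpenSSH_8.7", parse_kexinit(sample)))
```

Run it as `python3 pq_kex_probe.py <host>` against an instance you own; with no argument it runs against the constructed OpenSSH 8.7 sample. Because nothing past the banner exchange is encrypted, the probe reads the server's whole algorithm offer without authenticating, which also makes it a convenient way to re-check the fleet once AL2023 ships a newer OpenSSH package. Note that only the server's list is inspected here; the warning on the client depends on the negotiated algorithm, so a server that merely lists a PQ kex behind classical ones still satisfies an OpenSSH 10 client, which prefers the PQ option.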