openssh bugs - Oct 2025 - [Bug 3881] New: Warning should mention client too

https://bugzilla.mindrot.org/show_bug.cgi?id=3881

            Bug ID: 3881
           Summary: Warning should mention client too
           Product: Portable OpenSSH
           Version: 10.2p1
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jidanni at jidanni.org

Regarding this warning:

** WARNING: connection is not using a post-quantum key exchange
algorithm.
** This session may be vulnerable to "store now, decrypt later"
attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

Sometimes it is not the "server may need to be upgraded."

Sometimes it is...

###
Thank you for contacting Dream Host support, my name is Kym. I'd be
glad                             
to help!                                                                

Sorry to hear about the issues. What's happening here is due to changes 
in your local OpenSSH client, not anything that changed on DreamHost's  
servers. The newest OpenSSH versions have tightened their security      
defaults and now warn when older ssh-rsa host keys (which use the SHA-1 
algorithm) are still cached locally. DreamHost's servers already
support                             
newer and stronger key types like ED25519 and ECDSA, but your client
will                            
continue to use the older one saved in your ~/.ssh/known_hosts file
until                            
you update it.                                                          

To resolve this, you just need to refresh the stored host key on your   
computer. Run the command ssh-keygen -R jidanni.org to remove the       
outdated key, then connect again with ssh -vv jidanni.org and accept
the                             
new ED25519 key when prompted. If you've ever connected using another   
alias, like the server's full hostname (servername.dreamhost.com),
you'll                            
want to remove that entry too. Also, check your ~/.ssh/config file and  
make sure there aren't any lines forcing old algorithms such as         
HostkeyAlgorithms +ssh-rsa.                           
###

Therefore the message needs to be enhanced.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3881

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Dan Jacobson from comment #0)
[...]
> To resolve this, you just need to refresh the stored host key on your
> computer. Run the command ssh-keygen -R jidanni.org to remove the
> outdated key, then connect again with ssh -vv jidanni.org and accept the
> new ED25519 key when prompted.
That's not particularly good advice: when you reconnect the first time
after deleting the host key you are vulnerable to a MITM attack.  They
should at least provide a secure method of verifying the new host key,
or...

$ telnet jidanni.org 22
Trying 69.163.177.88...
Connected to jidanni.org.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.13

That version has the UpdateHostKeys option (it was introduced[0] in
8.6) that allows the client to learn new host keys in a secure manner. 
Since this didn't happen presumably it's disabled in either the client
or server?

[0] https://www.openssh.com/releasenotes.html#8.6

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3881

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Dream Host's information is incorrect and irrelevant to this warning.
The warning has nothing to do with key types.

I suggest that you request Dream Host support reads
https://openssh.com/pq.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3881

Dan Jacobson <jidanni at jidanni.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Dan Jacobson <jidanni at jidanni.org> ---
OK, now Dreamhost says:
---------
I reviewed your earlier notes, and the warning you?re seeing relates to 
new post-quantum key exchange (KEX) algorithms introduced in the latest 
OpenSSH versions. At this time, the servers on our shared hosting
network                            
use a secure, stable OpenSSH build that does not yet include the        
post-quantum hybrid key exchange algorithms.                            
 Your connection is still fully encrypted and secure under the current  
SSH standards. The warning from your local client is informational and  
appears because your version of OpenSSH now supports experimental       
post-quantum algorithms that are not yet widely adopted across most     
production systems.
---------
So ssh's warning is indeed correct and I will close this bug.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.