Times have changed since we were last here. Since then, SSH signing has become popular1, I got some FIDO2 security keys, and post-quantum cryptography has gotten a lot better. It's time for some renovations! SSH authentication We want to prevent connecting to hosts without PQC. To do so, we can simply add the following lines to our ~/.ssh/config: Match host * KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com This forces the use of the post-quantum key agreement algorith...
No comments yet. Log in to reply on the Fediverse. Comments will appear here.