Fix: SSH Warning 'Connection is Not Using a Post-Quantum Key Exchange Algorithm'
by Sansec
Published in Guides
How to fix the OpenSSH post-quantum warning on Adobe Commerce Cloud and what "store now, decrypt later" means.
What to do
Users of Adobe Commerce Cloud may receive the following message when connecting via SSH:
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
This means that Adobe should update their SSH software to improve future security. However, at the moment the risk is tiny and until Adobe has upgraded their platform, you can ignore the warning by adding this to your local SSH config:
cat >> ~/.ssh/config <<EOQ
Host *.magento.cloud *.magentosite.cloud
WarnWeakCrypto no
EOQ
What Does "Store Now, Decrypt Later" Mean?
When you connect to a server via SSH, your computer and the server agree on a secret key to encrypt your conversation. This process, called "key exchange," relies on math problems that are extremely hard for today's computers to solve. Even the most powerful supercomputers would need millions of years to crack them.
However, quantum computers work differently. They can solve certain math problems exponentially faster than regular computers. While today's quantum computers are still too primitive to break SSH encryption, they're improving rapidly. Security researchers worry about a "store now, decrypt later" attack: a malicious actor could record your encrypted SSH sessions today and store them. Years from now, when quantum computers become powerful enough, they could decrypt those recordings and access any sensitive data that was transmitted.
Post-quantum cryptography uses new mathematical approaches that are believed to be resistant to both classical and quantum computers. When your SSH client shows this warning, it means the connection is using older key exchange methods that could theoretically be vulnerable to future quantum attacks. The practical risk today is minimal because no one has a quantum computer capable of breaking SSH encryption yet. Upgrading to post-quantum algorithms provides protection against this future threat.
In this article
Protect your store now!
Block all known Magento attacks, while you schedule the latest critical patch until a convenient moment. No more downtime and instability from rushed patching.
Get Sansec Shield
