Securing Your Git SSH Connections Against Quantum Threats: A GitHub Guide

<h2 id="overview">Overview</h2>
<p>Quantum computers may one day be powerful enough to break the public-key cryptography that SSH relies on today. This is not only a future concern: an attacker can <strong>record encrypted SSH sessions</strong> now and decrypt them later, once suitable quantum hardware exists. This is known as a <em>store-now-decrypt-later</em> attack.</p>
<figure style="margin:20px 0"><img src="https://github.blog/wp-content/uploads/2025/07/wallpaper-generic-blue.png?fit=1920%2C1080" alt="Securing Your Git SSH Connections Against Quantum Threats: A GitHub Guide" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: github.blog</figcaption></figure>
<p>To protect your Git data when you access GitHub over SSH, GitHub is rolling out a <strong>post-quantum secure key exchange algorithm</strong>: <code>sntrup761x25519-sha512</code> (also known as <code>sntrup761x25519-sha512@openssh.com</code>). This hybrid key exchange combines classical X25519 Elliptic Curve Diffie-Hellman with the post-quantum Streamlined NTRU Prime. Even if Streamlined NTRU Prime later proves weaker than expected, the classical part still provides at least the level of security we have today.</p>
<p>This change affects <strong>SSH access only</strong>, not HTTPS connections. It will be enabled on <strong>GitHub.com and GitHub Enterprise Cloud (non-US regions) starting September 17, 2025</strong>, and will also be included in GitHub Enterprise Server 3.19.</p>
<p>This guide explains what you need to verify and how to prepare for this update, step by step.</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>Before you begin, ensure you meet the following:</p>
<ul>
<li>You use <strong>Git over SSH</strong> for at least one remote pointing to GitHub (check your remotes with <code>git remote -v</code>).
If your remotes start with <code>https://</code>, you are <strong>not affected</strong>.</li>
<li>You have an SSH client installed. OpenSSH is the most common; verify with <code>ssh -V</code>.</li>
<li>You are not in a <strong>United States data residency region</strong> (for GitHub Enterprise Cloud). The US region permits only FIPS-approved cryptography, and sntrup761x25519-sha512 is not FIPS-approved.</li>
<li>Optionally, update your SSH client if it is too old (see below).</li>
</ul>
<h2 id="step-by-step">Step-by-Step Instructions</h2>
<h3 id="check-ssh-client-version">1. Check Your SSH Client Version</h3>
<p>The new algorithm is preferred automatically by <strong>OpenSSH 9.0 or newer</strong> (released April 8, 2022). To check your version:</p>
<pre><code>ssh -V</code></pre>
<p>Example output: <code>OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024</code>. If your version is <strong>older than 9.0</strong>, you may need to upgrade, or to enable the algorithm manually if your client already includes it (see Step 2).</p>
<h3 id="verify-algorithm-support">2. Verify the Algorithm Is Supported by Your Client</h3>
<p>Run the following command to see whether your SSH client includes <code>sntrup761x25519-sha512@openssh.com</code>:</p>
<pre><code>ssh -Q kex | grep sntrup</code></pre>
<p>If it prints <code>sntrup761x25519-sha512@openssh.com</code> or <code>sntrup761x25519-sha512</code>, your client supports it. If it prints nothing, you will need to upgrade OpenSSH or use a different client (e.g., a PuTTY build with post-quantum support).</p>
<h3 id="test-connection-to-github">3. Test the New Key Exchange with GitHub</h3>
<p>After the rollout date (September 17, 2025), you can force the new algorithm to confirm that it works:</p>
<pre><code>ssh -o KexAlgorithms=sntrup761x25519-sha512@openssh.com -T git@github.com</code></pre>
<p>If successful, you will see a message like <code>Hi username! You've successfully authenticated...</code>.
No changes to your workflow are needed: Git will use this algorithm automatically if your client supports it.</p>
<figure style="margin:20px 0"><img src="https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?resize=800%2C425" alt="Securing Your Git SSH Connections Against Quantum Threats: A GitHub Guide" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: github.blog</figcaption></figure>
<h3 id="check-git-remote-urls">4. Ensure Your Git Remotes Use SSH</h3>
<p>Only SSH remotes are affected. To verify:</p>
<pre><code>git remote -v</code></pre>
<p>If you see URLs starting with <code>git@github.com:</code> or <code>ssh://git@github.com/</code>, you are using SSH. If they start with <code>https://</code>, no action is needed.</p>
<h3 id="prepare-for-enterprise-server">5. Prepare for GitHub Enterprise Server (GHES) 3.19</h3>
<p>If you run a self-hosted GHES instance, upgrade to version 3.19 when it becomes available. The new algorithm will be included by default. Verify client compatibility on your admin workstations.</p>
<h2 id="common-mistakes">Common Mistakes</h2>
<ul>
<li><strong>Thinking HTTPS is affected.</strong> This change applies only to SSH connections. HTTPS uses a different protocol (TLS) and is not impacted.</li>
<li><strong>Assuming all clients automatically pick the best algorithm.</strong> OpenSSH 9.0+ does, but older clients may fail if they do not support the algorithm. Always check your version.</li>
<li><strong>Ignoring the US region exemption.</strong> If you are on GitHub Enterprise Cloud with data residency in the United States, the algorithm will not be enabled there because of FIPS restrictions. You must continue to use only FIPS-approved algorithms.</li>
<li><strong>Forgetting to test.</strong> The algorithm will be enabled on September 17, 2025. Verify client support (Step 2) before then.
Test your connection with the forced option (Step 3) after that date to ensure nothing breaks.</li>
<li><strong>Assuming you need to update your keys or SSH config.</strong> The change is in the key exchange algorithm, not in your authentication keys (RSA, Ed25519, etc.). Your existing keys will continue to work.</li>
<li><strong>Believing quantum threats are far off.</strong> The store-now-decrypt-later attack is possible today: traffic recorded now can be decrypted once a cryptographically relevant quantum computer exists. Adding post-quantum security now is prudent even if that is decades away.</li>
</ul>
<h2 id="summary">Summary</h2>
<p>GitHub is proactively protecting your SSH Git data against future quantum decryption by enabling the hybrid post-quantum key exchange <code>sntrup761x25519-sha512</code>. The change is automatic for most users (OpenSSH 9.0+), takes effect September 17, 2025 on GitHub.com and non-US GitHub Enterprise Cloud, and is included in GHES 3.19. HTTPS connections and US-region Enterprise Cloud users are unaffected. Verify your SSH client version and test compatibility to ensure a smooth transition. No other configuration changes are required.</p>
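<p>A pre-flight script that combines the checks from Steps 1, 2 and 4 and, on request, the forced connection test from Step 3. It is an added example, not GitHub's own tooling; the helper names, the <code>FORCE_KEX_TEST</code> opt-in variable and the sample banners in the comments are assumptions. The helpers take command output as arguments, so they can be exercised without a network connection.</p>

```shell
#!/bin/sh
# Added pre-flight script for the steps above (not GitHub's tooling).
# The helpers take command output as arguments so they can be exercised offline.

# Step 1: return 0 if an `ssh -V` banner reports OpenSSH 9.0 or newer.
ssh_version_ok() {
    major=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\(for_Windows_\)\{0,1\}\([0-9][0-9]*\)\..*/\2/p')
    [ -n "$major" ] && [ "$major" -ge 9 ]
}

# Step 2: return 0 if an `ssh -Q kex` listing offers the hybrid algorithm under either name.
kex_supported() {
    printf '%s\n' "$1" | grep -qx -e 'sntrup761x25519-sha512@openssh.com' -e 'sntrup761x25519-sha512'
}

# Step 4: return 0 if a remote URL reaches GitHub over SSH (scp-style or ssh:// form).
remote_uses_github_ssh() {
    case "$1" in
        git@github.com:*|ssh://git@github.com/*|ssh://git@github.com:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live checks against this machine; each is skipped when its tool is missing.
run_checks() {
    if command -v ssh >/dev/null 2>&1; then
        banner=$(ssh -V 2>&1)
        ssh_version_ok "$banner" && echo "ok: $banner" || echo "WARN: older than OpenSSH 9.0: $banner"
        kex_supported "$(ssh -Q kex 2>/dev/null)" && echo "ok: client offers sntrup761x25519-sha512" \
            || echo "WARN: client does not offer sntrup761x25519-sha512, upgrade it"
    else
        echo "WARN: ssh not found"
    fi
    if git rev-parse --git-dir >/dev/null 2>&1; then
        git remote -v | awk '{print $2}' | sort -u | while read -r url; do
            remote_uses_github_ssh "$url" && echo "affected (SSH): $url" || echo "not affected: $url"
        done
    fi
    # Step 3 needs the network, so it is opt-in: FORCE_KEX_TEST=1 is a constructed variable name.
    # -v makes ssh log the negotiated exchange as "debug1: kex: algorithm: ..."; GitHub closes the
    # session with a non-zero exit even on success, so judge by the output, not the exit status.
    if [ "${FORCE_KEX_TEST:-0}" = 1 ]; then
        ssh -v -o KexAlgorithms=sntrup761x25519-sha512@openssh.com -T git@github.com 2>&1 \
            | grep -E 'kex: algorithm:|successfully authenticated|Unable to negotiate' || true
    fi
}

run_checks
```

If the forced test prints <code>Unable to negotiate</code>, the server side (e.g., a GHES release before 3.19 or a US-region instance) does not offer the algorithm yet, which is expected rather than a client fault.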