GitHub 即将引入一项重要的安全更新，为访问 Git 数据增加一项新的抗量子安全 SSH 密钥交换算法：sntrup761x25519-sha512。此举旨在保护用户数据免受未来量子计算机的解密攻击，应对“现在存储，未来解密”的潜在威胁。该算法结合了 Streamlined NTRU Prime 和经典的 X25519 算法，以确保安全性的稳健。此更新仅影响 SSH 访问，不涉及 HTTPS，并将于 2025 年 9 月 17 日起在 GitHub.com 和部分 GitHub Enterprise Cloud 区域生效。大多数用户无需进行额外配置，新版 SSH 客户端将自动支持。

🛡️ **提升抗量子攻击安全性**：GitHub 将引入 sntrup761x25519-sha512 这一抗量子安全 SSH 密钥交换算法，以应对未来可能出现的、能够破解现有加密算法的量子计算机。这旨在防止“现在存储，未来解密”的攻击，确保用户数据的长期安全。

💻 **仅影响 SSH 访问**：此次安全更新仅针对通过 SSH 协议访问 Git 数据的方式，而不会影响使用 HTTPS 协议的访问。同时，位于美国区域且采用 FIPS 批准加密的 GitHub Enterprise Cloud 部署不受此更新影响。

🚀 **自动部署与兼容性**：新算法将于 2025 年 9 月 17 日起在 GitHub.com 和部分 GitHub Enterprise Cloud 区域启用。对于支持新算法（如 OpenSSH 9.0 及以上版本）的用户，SSH 客户端将自动选择使用。旧版客户端将回退到现有算法，但用户将无法获得抗量子安全保护，建议升级客户端以享受最新安全特性。

🧪 **验证支持情况**：用户可以通过运行 `ssh -Q kex` 命令来检查其 SSH 客户端是否支持 sntrup761x25519-sha512 或 sntrup761x25519-sha512@openssh.com。在 Linux、macOS 或 Git Bash 等环境中，可使用 `ssh -v git@github.com exit 2>&1 | grep 'kex: algorithm:'` 命令查看连接时实际使用的算法。

Today, we’re announcing some changes that will improve the security of accessing Git data over SSH.

What’s changing?

We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openssh.com, to our SSH endpoints for accessing Git data.

This only affects SSH access and doesn’t impact HTTPS access at all.

It also does not affect GitHub Enterprise Cloud with data residency in the United States region.

Why are we making these changes?

These changes will keep your data secure both now and far into the future by ensuring they are protected against future decryption attacks carried out on quantum computers.

When you make an SSH connection, a key exchange algorithm is used for both sides to agree on a secret. The secret is then used to generate encryption and integrity keys. While today’s key exchange algorithms are secure, new ones are being introduced that are secure against cryptanalytic attacks carried out by quantum computers.

We don’t know if it will ever be possible to produce a quantum computer powerful enough to break traditional key exchange algorithms. Nevertheless, an attacker could save encrypted sessions now and, if a suitable quantum computer is built in the future, decrypt them later. This is known as a “store now, decrypt later” attack.

To protect your traffic to GitHub when using SSH, we’re rolling out a hybrid post-quantum key exchange algorithm: sntrup761x25519-sha512 (also known by the older name sntrup761x25519-sha512@openssh.com). This provides security against quantum computers by combining a new post-quantum-secure algorithm, Streamlined NTRU Prime, with the classical Elliptic Curve Diffie-Hellman algorithm using the X25519 curve. Even though these post-quantum algorithms are newer and thus have received less testing, combining them with the classical algorithm ensures that security won’t be weaker than what the classical algorithm provides.

These changes are rolling out to github.com and non-US resident GitHub Enterprise Cloud regions. Only FIPS-approved cryptography may be used within the US region, and this post-quantum algorithm isn’t approved by FIPS.

When are these changes effective?

We’ll enable the new algorithm on September 17, 2025 for GitHub.com and GitHub Enterprise Cloud with data residency (with the exception of the US region).

This will also be included in GitHub Enterprise Server 3.19.

How do I prepare?

This change only affects connections with a Git client over SSH. If your Git remotes start with https://, you won’t be impacted by this change.

For most uses, the new key exchange algorithm won’t result in any noticeable change. If your SSH client supports sntrup761x25519-sha512@openssh.com or sntrup761x25519-sha512 (for example, OpenSSH 9.0 or newer), it will automatically choose the new algorithm by default if your client prefers it. No configuration change should be necessary unless you modified your client’s defaults.

If you use an older SSH client, your client should fall back to an older key exchange algorithm. That means you won’t experience the security benefits of using a post-quantum algorithm until you upgrade, but your SSH experience should continue to work as normal, since the SSH protocol automatically picks an algorithm that both sides support.

If you want to test whether your version of OpenSSH supports this algorithm, you can run the following command: ssh -Q kex. That lists all of the key exchange algorithms supported, so if you see sntrup761x25519-sha512 or sntrup761x25519-sha512@openssh.com, then it’s supported.

To check which key exchange algorithm OpenSSH uses when you connect to GitHub.com, run the following command on Linux, macOS, Git Bash, or other Unix-like environments:

$ ssh -v git@github.com exit 2>&1 | grep 'kex: algorithm:'

For other implementations of SSH, please see the documentation for that implementation.

What’s next?

We’ll keep an eye on the latest developments in security. As the SSH libraries we use begin to support additional post-quantum algorithms, including ones that comply with FIPS, we’ll update you on our offerings.

The post Post-quantum security for SSH access on GitHub appeared first on The GitHub Blog.