Securing Your Git SSH Connections Against Quantum Threats: A GitHub Guide

2026-05-03 22:10:37

Overview

Quantum computers may one day be powerful enough to break the cryptographic algorithms we rely on today. This isn't a hypothetical scenario—attackers can already store encrypted SSH sessions now and decrypt them later when suitable quantum hardware emerges. This is known as a store-now-decrypt-later attack.

Source: github.blog

To protect your Git data when accessing GitHub via SSH, GitHub is rolling out a new post-quantum secure key exchange algorithm: sntrup761x25519-sha512 (also called sntrup761x25519-sha512@openssh.com). This hybrid algorithm combines the classical Elliptic Curve Diffie-Hellman (X25519) with the post-quantum Streamlined NTRU Prime. Even if Streamlined NTRU Prime later proves weaker than expected, the classical part still provides at least the same level of security we have today.

This change affects SSH access only—not HTTPS connections. It will be enabled on GitHub.com and GitHub Enterprise Cloud (non-US regions) starting September 17, 2025, and will also be included in GitHub Enterprise Server 3.19.

This guide explains everything you need to know to verify and prepare for this update, with step-by-step instructions.

Prerequisites

Before you begin, ensure you meet the following:

Step-by-Step Instructions

1. Check Your SSH Client Version

The new algorithm is automatically preferred by OpenSSH 9.0 or newer (released April 8, 2022). To check your version:

ssh -V

Example output: OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024. If your version is older than 9.0, you may need to upgrade or manually enable the algorithm (see Step 2).

2. Verify the Algorithm Is Supported by Your Client

Run the following command to see if your SSH client includes sntrup761x25519-sha512@openssh.com:

ssh -Q kex | grep sntrup

If it returns sntrup761x25519-sha512@openssh.com or sntrup761x25519-sha512, your client supports it. If not, you'll need to upgrade OpenSSH or use a different client (e.g., PuTTY with post-quantum patches).

3. Test the New Key Exchange with GitHub

After the rollout date (September 17, 2025), you can force the new algorithm to confirm it works:

ssh -o KexAlgorithms=sntrup761x25519-sha512@openssh.com -T git@github.com

If successful, you'll see a message like Hi username! You've successfully authenticated.... No changes to your workflow are needed—Git will automatically use this algorithm if your client supports it.

4. Ensure Your Git Remotes Use SSH

Only SSH remotes are affected. To verify:

git remote -v

If you see URLs starting with git@github.com: or ssh://git@github.com/, you're using SSH. If they start with https://, no action is needed.

5. Prepare for GitHub Enterprise Server (GHES) 3.19

If you run a self-hosted GHES instance, upgrade to version 3.19 when available. The new algorithm will be included by default. Verify client compatibility on your admin workstations.
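
The checks from Steps 1 to 4 gathered into one script, as an added example that is not part of the original guide or of GitHub's tooling; the function names and the sample debug output are constructed for illustration. Instead of forcing an algorithm, it reads the "debug1: kex: algorithm:" line that OpenSSH prints with -v, so it reports which key exchange a connection actually negotiated.

```shell
#!/bin/sh
# Added example: offline helpers for the checks in Steps 1-4.
# Function names and sample inputs are constructed for illustration.

PQ_KEX_RE='^sntrup761x25519-sha512(@openssh\.com)?$'

# Step 1: succeed if an `ssh -V` banner reports OpenSSH 9.0 or newer.
# Also accepts the Windows banner form "OpenSSH_for_Windows_9.5p1".
ssh_version_ok() {
    major=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\..*/\1/p')
    [ -n "$major" ] && [ "$major" -ge 9 ]
}

# Step 2: succeed if `ssh -Q kex` output on stdin lists the hybrid algorithm.
client_supports_pq() {
    grep -Eq "$PQ_KEX_RE"
}

# Step 3: print the key exchange that was negotiated, taken from
# `ssh -v` debug output on stdin ("debug1: kex: algorithm: <name>").
negotiated_kex() {
    tr -d '\r' | sed -n 's/^debug1: kex: algorithm: \(.*\)$/\1/p' | head -n 1
}

# Step 4: classify a Git remote URL as ssh, https or other.
remote_transport() {
    case "$1" in
        git@*:*|ssh://*) echo ssh ;;
        https://*)       echo https ;;
        *)               echo other ;;
    esac
}

# Constructed sample of `ssh -v` output (not captured from a real session).
SAMPLE_DEBUG='debug1: Connecting to github.com port 22.
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519'

kex=$(printf '%s\n' "$SAMPLE_DEBUG" | negotiated_kex)
if printf '%s\n' "$kex" | grep -Eq "$PQ_KEX_RE"; then
    echo "negotiated post-quantum hybrid kex: $kex"
else
    echo "negotiated classical kex: $kex"
fi
```

To check a live connection, pipe the output of ssh -v -T git@github.com 2>&1 into negotiated_kex; a classical result such as curve25519-sha256 means the session is not protected against store-now-decrypt-later.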

Common Mistakes

Summary

GitHub is proactively protecting your SSH Git data against future quantum decryption by enabling the hybrid post-quantum key exchange sntrup761x25519-sha512. This change is automatic for most users (OpenSSH 9.0+), effective September 17, 2025 on GitHub.com and non-US GitHub Enterprise Cloud, and included in GHES 3.19. HTTPS connections and US region Enterprise Cloud users are unaffected. Verify your SSH client version and test compatibility to ensure a smooth transition. No other configuration changes are required.
