OpenSSH begins warning for non-PQC key exchanges
Summary
OpenSSH is warning when non post-quantum key exchanges are used and emphasizes the default use of post-quantum KEX algorithms, with two standard options mlkem768x25519-sha256 and sntrup761x25519-sha512. It explains the store-now, decrypt-later risk from quantum attacks, and provides migration guidance including upgrading servers or using WarnWeakCrypto selectively. It also describes the concept of hybrids and future post-quantum signatures.