5 Key Changes to Secure Your SSH Access Against Quantum Threats on GitHub

As quantum computing inches closer to reality, the need for cryptographic methods that can withstand future decryption attacks has never been more urgent. GitHub is taking a proactive step by introducing a new post-quantum SSH key exchange algorithm. This update, rolling out in September 2025, will safeguard Git data transmitted over SSH from the “store now, decrypt later” threat. Here’s a breakdown of the five essential things you need to know about this change.

1. What Is a Post-Quantum SSH Key Exchange?

When you connect via SSH, a key exchange algorithm establishes a shared secret between your client and the server. This secret is later used to generate encryption keys for your session. Traditional algorithms like Diffie-Hellman and ECDH are secure against today’s computers, but they could be broken by a sufficiently powerful quantum machine in the future. GitHub is adding a new hybrid algorithm called sntrup761x25519-sha512 (also known as sntrup761x25519-sha512@openssh.com). This combines a post-quantum-secure algorithm, Streamlined NTRU Prime, with the classical X25519 Elliptic Curve Diffie-Hellman. The result is a key exchange that resists both classical and quantum attacks, ensuring your Git data remains confidential even decades from now. This change only affects SSH access; HTTPS connections are unchanged.

2. Why GitHub Is Adding This New Algorithm Now

The primary reason is the “store now, decrypt later” attack. Attackers can capture encrypted SSH sessions today and store them. If a quantum computer capable of breaking classical encryption ever emerges, those stored sessions could be decrypted, exposing historical data. By implementing a post-quantum algorithm today, GitHub protects your current and future Git traffic from this risk. While the timeline for a cryptographically relevant quantum computer is uncertain—many experts believe it could be decades away—the threat is real enough to warrant early action. GitHub is taking a pragmatic approach: the hybrid algorithm ensures that even if the post-quantum component has unforeseen weaknesses, the classical X25519 layer maintains a high level of security. This change is part of a broader industry push toward quantum-resistant cryptography, and it applies only to SSH access to Git data. HTTPS connections and GitHub Enterprise Cloud with data residency in the US region are not affected.

3. How the Hybrid Algorithm Works to Protect You

The new key exchange algorithm, sntrup761x25519-sha512, operates as a hybrid: it runs both a post-quantum algorithm (Streamlined NTRU Prime) and a classical algorithm (X25519 ECDH) in parallel. The two results are combined to produce a shared secret that is used to derive session keys. This design means that an attacker would need to break both algorithms to compromise the session. Streamlined NTRU Prime is a lattice-based candidate selected by the NIST post-quantum cryptography standardization process. It is considered resistant to quantum attacks, but being newer, it has undergone less cryptanalysis than classical algorithms. The hybrid approach mitigates this risk: if the post-quantum component is ever found to be flawed, the classical component still provides robust security against all known attacks (except quantum ones). The hash function SHA-512 is used for the final derivation. GitHub has implemented this algorithm in its SSH endpoints for Git data, ensuring that sessions use the strongest available protection automatically when the client supports it.

4. When and Where This Change Takes Effect

GitHub will enable the new algorithm on September 17, 2025 for all users of GitHub.com and GitHub Enterprise Cloud (GHEC) with data residency, with one exception: the US region. Due to FIPS 140-2 requirements, only FIPS-approved cryptography may be used within the US. Since this post-quantum algorithm is not yet FIPS-approved, GHEC customers in the US region will not receive the update at this time. The change is also included in GitHub Enterprise Server (GHES) 3.19, which will be released around the same date. For self-hosted GHES instances, administrators should plan to upgrade to version 3.19 to benefit from quantum-resistant SSH key exchange. Note that this only applies to connections made over SSH; HTTPS remotes (starting with https://) are completely unaffected. If your organization uses SSH keys for Git operations, the new algorithm will be used automatically once your client supports it.

5. How to Prepare Your SSH Client for the Update

For the vast majority of users, no action is required. If your SSH client is OpenSSH 9.0 or newer, or any other client that supports the sntrup761x25519-sha512@openssh.com algorithm, it will automatically negotiate this key exchange when connecting to GitHub’s updated endpoints. You can verify your OpenSSH version by running ssh -V in your terminal. If you are using an older client, consider upgrading to the latest version. Windows users with the built-in OpenSSH client may need to update via optional features or use the latest Windows 11 builds. macOS users typically have an up-to-date version through system updates. Linux users can install or compile a newer version if needed. To confirm that your connection is using the new algorithm, you can run SSH with verbose logging: ssh -v git@github.com 2>&1 | grep "KEX algorithm". If you see sntrup761x25519-sha512 listed, you are protected. No changes to your Git remotes or SSH keys are required—the key exchange is handled transparently at the protocol level.

By embracing post-quantum cryptography now, GitHub is helping ensure that your code and collaboration remain secure far into the future. This update strengthens SSH access against the coming quantum threat without disrupting your existing workflows. As the landscape evolves, staying informed about such changes will keep your development environment resilient. Whether you’re an individual developer or part of a large enterprise, taking a moment to verify your SSH client’s compatibility is a small step that pays long-term dividends in security.