SSH post-quantum warning

February 28, 2026

macOS 26.3 upgraded the OpenSSH client to OpenSSH 10.2, which added a warning about SSH server key exchange with non-post-quantum algorithms. The warning was added in OpenSSH 10.1, but macOS 26.3 is the first macOS release to include it from Apple. The warning is meant to alert users that their SSH server may not be using these newer, more secure kex algorithms.

** WARNING: connection is not using a post-quantum key exchange algorithm. ** This session may be vulnerable to “store now, decrypt later” attacks. ** The server may need to be upgraded. See https://openssh.com/pq.html

The message will hopefully get the SSH server system admin to upgrade their SSH server to support post-quantum key exchange algorithms, which will provide better security against future quantum computer attacks. The OpenSSH PQ page has more information about the post-quantum key exchange algorithms and how to disable the warning on the client side if necessary. Disable the warning per host so you’re not totally blind to the security of the SSH servers you connect to.