Upgrade OpenSSH on Gitea Docker to Mitigate Post-Quantum Warning #35653

@afonsofrancof

Description

Context

Here is an excerpt from the official OpenSSH post-quantum page.

Image

Issue

When trying to push with SSH to a repo, I get the warning:

❯ git push
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

The Gitea instance (running in a Docker container) uses OpenSSH_9.2p1, while my client (macOS) is running OpenSSH_10.1.

Solution

We have two possible courses of action:

1 - Make the post-quantum algorithm that was introduced with OpenSSH 9.0 the default.
2 - Upgrade to a more recent version.

Gitea Version

1.24.6
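
To tell which of the two options applies, check what the server actually offers and what the session negotiated. The script below is an added example, not part of the original issue or of Gitea: it classifies the `kex: algorithm:` line from `ssh -v` output and the `kexalgorithms` line from `sshd -T` output against the hybrid post-quantum key exchange names OpenSSH ships. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hybrid post-quantum KEX names known to OpenSSH.
PQ_KEX='sntrup761x25519-sha512@openssh.com sntrup761x25519-sha512 mlkem768x25519-sha256'

# is_pq_kex NAME: succeed if NAME is one of the post-quantum hybrids above.
is_pq_kex() {
    for cand in $PQ_KEX; do
        [ "$1" = "$cand" ] && return 0
    done
    return 1
}

# negotiated_kex: read `ssh -v` debug output on stdin, print the agreed KEX.
negotiated_kex() {
    tr -d '\r' | sed -n 's/^debug1: kex: algorithm: //p' | head -n 1
}

# offered_pq_kex: read `sshd -T` output on stdin and print the post-quantum
# algorithms the server offers, in its preference order (empty if none).
offered_pq_kex() {
    list=$(sed -n 's/^kexalgorithms //p' | head -n 1 | tr ',' ' ')
    out=''
    for alg in $list; do
        if is_pq_kex "$alg"; then out="${out:+$out }$alg"; fi
    done
    printf '%s\n' "$out"
}

# Constructed sample inputs (not captured from the reporter's systems).
SAMPLE_CLIENT_LOG='debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'
SAMPLE_SSHD_T_CLASSICAL='port 22
kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512'
SAMPLE_SSHD_T_HYBRID='port 22
kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256'

kex=$(printf '%s\n' "$SAMPLE_CLIENT_LOG" | negotiated_kex)
if is_pq_kex "$kex"; then echo "session KEX $kex: post-quantum"
else echo "session KEX $kex: NOT post-quantum"; fi
echo "classical server offers: [$(printf '%s\n' "$SAMPLE_SSHD_T_CLASSICAL" | offered_pq_kex)]"
echo "hybrid server offers:    [$(printf '%s\n' "$SAMPLE_SSHD_T_HYBRID" | offered_pq_kex)]"
```

Against a live system, feed `negotiated_kex` the stderr of `ssh -v` from the client, and run `sshd -T | offered_pq_kex` inside the container. An empty result from the second command means the server configuration offers no post-quantum key exchange.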
