• Share: Today, we’re announcing some changes that will improve the security of accessing Git data over SSH. • We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately assntrup761x25519-sha512andsntrup761x25519-sha512@openssh.com , to our SSH endpoints for accessing Git data. • This only affects SSH access and doesn’t impact HTTPS access at all. • It also does not affect GitHub Enterprise Cloud with data residency in the United States region. • Why are we making these changes? • These changes will keep your data secure both now and far into the future by ensuring they are protected against future decryption attacks carried out on quantum computers.
Article Summaries:
- GitHub is adding a post‑quantum secure key‑exchange algorithm (sntrup761x25519‑sha512) to its SSH endpoints to protect Git data in transit. The change, effective September 17 2025 for github.com and non‑US Enterprise Cloud regions, will also ship with GitHub Enterprise Server 3.19. It does not affect HTTPS traffic or US‑resident Enterprise Cloud sites, which must remain FIPS‑approved. Clients that support the new algorithm (e.g., OpenSSH 9.0+) will use it automatically; older clients will fall back to legacy key exchanges. No configuration changes are required, and the update is intended to guard against future quantum‑computer decryption attacks.
Sources: