OpenSSH supports a number of cryptographic key agreement algorithms considered to be safe against attacks from quantum computers. We recommend that all SSH connections use these algorithms. OpenSSH has offered post-quantum key agreement (KexAlgorithms) by default since release 9.0 (2022), initially via the sntrup761x25519-sha512 algorithm. More recently, in OpenSSH 9.9, we have added a second post-quantum key agreement mlkem768x25519-sha256 and it was made the default scheme in OpenSSH 10.0. To ...