sam: Squelch post-quantum warn on Azure Devops SSH

Connecting to ADO gives this warning:

    ** WARNING: connection is not using a post-quantum key exchange algorithm.
    ** This session may be vulnerable to "store now, decrypt later" attacks.
    ** The server may need to be upgraded. See https://openssh.com/pq.html

ADO doesn't support any flavor of keys besides RSA. There are several
issues open about this on their feedback site, and it's been radio
silence:

https://developercommunity.visualstudio.com/t/support-non-rsa-keys-for-ssh-authentication/365980
https://developercommunity.visualstudio.com/t/11032779

And Microsoft has nothing to say besides vague "we've routed your
feedback to the appropriate product team".

There's more information on the warning at OpenSSH's docs page:

https://www.openssh.org/pq.html
Chandler Swift 2026-02-11 09:29:19 -06:00
parent 0f38e26d7f
commit 7ffe208af9
No known key found for this signature in database
GPG key ID: B123483B24A4D579


@ -222,6 +222,7 @@
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks."*".addKeysToAgent = "yes"; matchBlocks."*".addKeysToAgent = "yes";
matchBlocks."ssh.dev.azure.com".extraOptions.WarnWeakCrypto = "no-pq-kex";
includes = [ includes = [
"config.d/*" "config.d/*"
]; ];
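
Review bot: the added `matchBlocks."ssh.dev.azure.com".extraOptions.WarnWeakCrypto = "no-pq-kex";` line has no comment, so the reason for silencing the warning lives only in the commit message. Add a one-line Nix comment above it that names the ADO limitation and points at one of the feedback links, so the override can be dropped once the server negotiates a post-quantum key exchange. The comment should name key exchange specifically: the commit message cites RSA-only key support, while the quoted warning is about the key exchange algorithm. Scoping the option to `matchBlocks."ssh.dev.azure.com"` rather than `"*"` is the right choice, since the warning stays active for every other host.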