In an era where quantum computing looms on the horizon, GitHub is taking proactive steps to future-proof your SSH connections. Starting September 17, 2025, a new post-quantum secure key exchange algorithm will be enabled on GitHub.com and most GitHub Enterprise Cloud regions. This upgrade ensures that your Git data remains protected against both classical and potential quantum-based decryption attacks. Below are ten key points you need to understand about this significant security enhancement.

1. What Is the New Post-Quantum Key Exchange Algorithm?

GitHub is introducing a hybrid key exchange algorithm known as sntrup761x25519-sha512 (formerly sntrup761x25519-sha512@openssh.com). This algorithm combines the classical Elliptic Curve Diffie-Hellman (ECDH) using the X25519 curve with the post-quantum candidate Streamlined NTRU Prime. The result is a cryptographically robust method for establishing a shared secret between your SSH client and GitHub’s servers, resistant to attacks from both current and future quantum computers. This algorithm is added to the list of supported key exchanges for SSH connections used to access Git repositories.

2. Why This Upgrade Matters Now

While practical quantum computers capable of breaking today’s encryption may still be years away, the threat of “store now, decrypt later” attacks is real. Attackers can intercept and save encrypted SSH traffic today, waiting for a future quantum computer to decrypt it. By deploying a hybrid post-quantum algorithm now, GitHub ensures that your data remains secure even if such technology becomes available. This proactive measure protects sensitive code, credentials, and intellectual property from being compromised decades from now, aligning with industry best practices for long-term cryptographic agility.

3. How the Hybrid Approach Works

The algorithm sntrup761x25519-sha512 is a hybrid—it uses two independent key exchange mechanisms simultaneously. One is the classical X25519 ECDH, which is well-tested and trusted today. The other is Streamlined NTRU Prime, a lattice-based post-quantum scheme. Even if future research finds a weakness in Streamlined NTRU Prime, the combined security is no weaker than the classical X25519 alone. This ensures backward compatibility and maintains a high level of security regardless of cryptographic advances. The shared secret derived from both components is hashed using SHA-512 for final key derivation.

4. What Does Not Change: HTTPS Access Unaffected

This upgrade applies only to SSH access to Git repositories. If you use HTTPS URLs (starting with https://github.com) to clone, fetch, or push, you will see no change. HTTPS connections already use TLS, which has its own post-quantum migration path. For SSH users, the algorithm change is transparent: if your client supports the new algorithm, it will be used automatically. No manual configuration is required for most modern OpenSSH clients, although users with older versions may need to update. Additionally, GitHub Enterprise Cloud customers with data residency in the United States region are excluded due to FIPS compliance requirements.

5. Regional Limitations: US Region Exclusion

Due to FIPS 140-2/140-3 compliance requirements, the US region of GitHub Enterprise Cloud (and similarly restricted federal environments) cannot use non-FIPS-approved cryptographic algorithms. Streamlined NTRU Prime has not been approved by FIPS, so the hybrid algorithm will not be enabled for US-resident enterprise accounts. Customers in that region will continue using only classical key exchanges. For GitHub.com and other non-US Enterprise Cloud regions, the new algorithm will be available. This regional distinction is important for organizations with strict compliance mandates. GitHub is monitoring FIPS developments and may update support as post-quantum algorithms become approved.

6. Timeline: When to Expect the Change

September 17, 2025 is the activation date for GitHub.com and all GitHub Enterprise Cloud data residency regions except the US. On that date, the new key exchange algorithm will be added to SSH endpoints. For self-hosted customers, GitHub Enterprise Server 3.19 will include this algorithm when it is released. There is no end-of-life for classical algorithms; both will coexist. GitHub recommends that all users ensure their SSH clients are updated before this date to take full advantage of the enhanced security. No downtime or service interruption is expected during the rollout.

7. How to Prepare Your SSH Client

Most users need to do nothing if they run a modern version of OpenSSH (9.0 or newer). The client will automatically negotiate the new algorithm if the server supports it. To verify your client’s version, run ssh -V. If you use older clients (e.g., OpenSSH 8.9 or earlier), you may need to upgrade to enable post-quantum support. For systems where upgrade is not possible, you can manually specify the key exchange algorithm using the -oKexAlgorithms= option, though this is not recommended for long-term use. Additionally, check your ~/.ssh/config to ensure no overrides are blocking new algorithms. Enterprise administrators should update their SSH policies accordingly.

8. Compatibility with OpenSSH Versions

The algorithm sntrup761x25519-sha512@openssh.com was added in OpenSSH 9.0, released in 2022. OpenSSH 9.1 and later also support the shorter name sntrup761x25519-sha512. If your system runs OpenSSH 9.0 or higher, you are ready. For macOS, the built-in SSH client may be older; consider installing a newer version via Homebrew. Windows users with Git for Windows should ensure they have the latest version. Other SSH implementations (e.g., PuTTY) do not currently support this algorithm. If you rely on PuTTY, consider using the bundled OpenSSH client from Git for Windows, or wait for future updates. GitHub will continue to support classical algorithms for legacy clients.

9. Understanding the ‘Store Now, Decrypt Later’ Threat

The primary motivation for this upgrade is the store now, decrypt later (SNDL) attack vector. Adversaries can mass-collect encrypted network traffic today, storing it until a quantum computer becomes powerful enough to break classical Diffie-Hellman or RSA key exchange. Since SSH connections authenticate users and transfer Git data, a successful SNDL attack could expose credentials, source code, and other sensitive information years after the session occurred. By deploying a hybrid post-quantum algorithm, GitHub adds a layer of protection that makes such stored traffic significantly harder to decrypt even with future quantum capabilities. This is a critical step in long-term cryptographic security.

10. The Future of Cryptographic Security on GitHub

GitHub’s adoption of sntrup761x25519-sha512 is part of a broader industry movement toward post-quantum cryptography. NIST is currently standardizing several quantum-resistant algorithms, and GitHub will continue to update its cryptographic suites as standards evolve. This SSH upgrade is a foundational step; future changes may include post-quantum signatures for SSH keys or TLS ciphers. For now, users can rest assured that their Git operations are better protected against the quantum threat. GitHub recommends staying informed about OpenSSH updates and regularly reviewing security best practices to maintain a strong security posture.

In summary, GitHub’s move to hybrid post-quantum key exchange for SSH is a proactive measure to safeguard your code against both current and future threats. By understanding these ten key facts, you can prepare your environment and ensure seamless, secure access to your repositories. The change is largely transparent for most users but represents a significant step forward in cryptographic resilience. As quantum computing advances, such updates will become increasingly vital for protecting digital assets. Stay updated, upgrade your clients, and keep your data secure for decades to come.