Page MenuHomePhabricator
Create Task
Maniphest T407844

Gerrit ssh daemon does not offer post-quantum kex leading to a warning with OpenSSH 10
Open, LowPublic
Actions

Description

OpenSSH 10.1+ warns that Gerrit SSH daemon does not use post-quantum key exchange algorithm:

$ git fetch
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

See https://www.openssh.com/pq.html

For Gerrit, it requires a change to an upstream library (Apache MINA SSHD). The library is bundled within Gerrit and upgraded as part of upgrading Gerrit itself.

It looks like the kex algo are sntrup761x25519-sha512 (OpenSSH 9.9) and additionally mlkem768x25519-sha256 (OpenSSH 10.0).

  • find whether the algo are implemented in Apache MINA SSHD
  • get the released version
  • find Gerrit version bundling the appropriate lib

Our Gerrit is, as of October 2025, version 3.10.6 which comes with Apache MINA SSHD 2.12.0. The kex it offers:

debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256

The warning can be disabled using:

~/.ssh/config
Host gerrit.wikimedia.org
    WarnWeakCrypto=no-pq-kex

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT393239 ProbeDown
 OpenNoneT407557 OpenSSH 10.1+ warns that Wikimedia SSH does not use post-quantum key exchange algorithm
 OpenNoneT407844 Gerrit ssh daemon does not offer post-quantum kex leading to a warning with OpenSSH 10
 OpenNoneT379714 Upgrade to Gerrit 3.11
 OpenNoneT392465 Switch Gerrit from Java 17 to Java 21
 OpenNoneT392464 Upgrade Gerrit hosts from Bullseye to Bookworm
 In ProgressABran-WMFT387833 Gerrit failover process
 OpenNoneT388507 Investigate missing commit from old changes
 ResolvedABran-WMFT260666 Create a cookbook to automate gerrit's switchover
 ResolvedABran-WMFT393050 ProbeDown
 ResolvedMatthewVernonT392186 Grant Gerrit admin to arnaudb
 ResolvedLSobanskiT393034 Investigate out of date refs following gerrit switchover
 ResolvedABran-WMFT395440 Gerrit read-only plugin test
 OpenABran-WMFT406334 Gerrit switchover between secondary instances
 ResolvedLSobanskiT406482 SystemdUnitFailed (jenkins.service on contint1002)
 ResolvedhasharT406762 gerrit2003 is trying to backup incrementally 3.5 million files every hour, clogging backus and filling in available disk space
 OpenABran-WMFT411583 Gerrit backups are growing
 ResolvedhasharT406856 Reduce size of analytics/superset/deploy.git Gerrit repo
Restricted Task
 ResolvedDzahnT372804 setup gerrit2003 with gerrit service (gerrit on bookworm)
 In ProgressABran-WMFT338470 Rename gerrit2 unix user to gerrit and assign a fixed uid
 ResolvedDzahnT379213 PuppetFailure - gerrit2003
 OpenNoneT333143 Move Gerrit data out of root partition
 Resolved MarosteguiT388785 SSH on gerrit2003 is CRITICAL: CRITICAL
 ResolvedDzahnT374899 PuppetFailure - gerrit2003
 OpenNoneT257317 scap deploy --init on deployment server fails on first puppet run
Restricted Task
 ResolvedDzahnT402847 ProbeDown - gerrit1003
 ResolvedABran-WMFT403347 ProbeDown
 ResolvedABran-WMFT403963 ProbeDown - http_gerrit_tls_ip4 gerrit2003
 ResolvedABran-WMFT404070 ProbeDown - http_gerrit_tls_ip4 gerrit2003.

Event Timeline

hashar created this task.Oct 21 2025, 9:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 21 2025, 9:33 AM
hashar triaged this task as Low priority.Oct 21 2025, 9:34 AM
hashar mentioned this in T407557: OpenSSH 10.1+ warns that Wikimedia SSH does not use post-quantum key exchange algorithm.
Lucas_Werkmeister_WMDE added subscribers: Lucas_Werkmeister_WMDE, Paladox.Oct 21 2025, 10:03 AM

find whether the algo are implemented in Apache MINA SSHD
get the released version

In T407557#11285886, @Lucas_Werkmeister_WMDE wrote:

According to #803 it gained support for mlkem768x25519-sha256 at some point, though I think that might not have made it into a proper release yet (only the upcoming 3.0.0-M2 if I’m not mistaken). Somewhat earlier, #498 added and #528 fixed sntrup761x25519-sha512; this was seemingly first released in sshd-2.13.2.

find Gerrit version bundling the appropriate lib

In T407557#11286112, @Paladox wrote:

https://github.com/apache/mina-sshd/commit/4f2ccf885292adde1d3a0d5f9abd9fb513b07688 I think added support for post quantum algorithms I think? Which gerrit 3.11 uses (uses version 2.14 which has that commit).

(Emphasis added; the commit Paladox linked is the broken version I mentioned above, but if Gerrit 3.11 indeed uses MINA 2.14 then it should also have the fix from #528.)

Lucas_Werkmeister_WMDE added a subtask: T379714: Upgrade to Gerrit 3.11.Oct 21 2025, 11:00 AM
LSobanski moved this task from Incoming to K8s on the collaboration-services board.Oct 27 2025, 3:38 PM
LSobanski moved this task from K8s to Backlog on the collaboration-services board.Mon, Nov 24, 3:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits