I’ve recently found that I couldn’t fetch changes from invent.kde.org. It turned out my client was not proposing compatible algorithms for KEX (Key Exchange). No problem, this can be configured in ~/.ssh/config. However, I noticed a weird behavior:
- When no config is present for a host, the default algorithms are
mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c,kex-strict-c-v00@openssh.com
- If I explicitly add any algorithm to the host config, including one that is already present in the default list, the proposed algorithms update to
mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
The client now proposes a handful of new (somewhat modern) algorithms, even though I did not explicitly request them.
These algorithms are supposed to be the new default, so why not include them from the start? I compiled OpenSSH from source, and there, the newer algorithms were all included by default (as should be expected).
In order to see for yourself if you observe the same behavior:
ssh -vv localhost
Add the following simple config to ~/.ssh/config
Host localhost
    KexAlgorithms +ecdh-sha2-nistp256
And then re-run the first command. Look for the debug output:
debug2: local client KEXINIT proposal
debug2: KEX algorithms: <algorithms list>
My SSH version for reference:
$ ssh -V
OpenSSH_10.2p1, OpenSSL 3.5.3 16 Sep 2025
Is this a packaging mishap? An intentional choice? The behavior is currently pretty confusing. Thank you for any help!
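As an added example (not part of the original post), the script below makes the same comparison without a listening server, using `ssh -G`, which prints the expanded client configuration for a host and exits. Because `-F` also skips /etc/ssh/ssh_config, `-F /dev/null` gives the compiled-in default, the temporary config gives "default plus the stanza from the post", and the call without `-F` gives what your live configuration resolves to; the host name and temporary config are constructed, and a POSIX sh with `ssh` on PATH is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: show the KexAlgorithms list the
# ssh client actually resolves to, using "ssh -G", which prints the expanded
# client configuration for a host without connecting. "-F" also skips
# /etc/ssh/ssh_config, so "-F /dev/null" yields the compiled-in default and
# the call without -F yields what the live configuration resolves to.

# effective_kex HOST [CONFIG_FILE] -> comma-separated KexAlgorithms list
effective_kex() {
    if [ -n "${2:-}" ]; then
        ssh -G -F "$2" "$1" 2>/dev/null | awk '$1 == "kexalgorithms" { print $2 }'
    else
        ssh -G "$1" 2>/dev/null | awk '$1 == "kexalgorithms" { print $2 }'
    fi
}

# make_cfg HOST -> path of a temporary config holding the stanza from the post
make_cfg() {
    cfg=$(mktemp)
    printf 'Host %s\n    KexAlgorithms +ecdh-sha2-nistp256\n' "$1" > "$cfg"
    echo "$cfg"
}

# count_algos LIST -> number of comma-separated entries (0 for an empty list)
count_algos() {
    printf '%s\n' "$1" | awk -F, '{ n = ($0 == "") ? 0 : NF; print n }'
}

# only_in A B -> entries of list A that are absent from list B, one per line
only_in() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r name; do
        case ",$2," in *",$name,"*) ;; *) echo "$name" ;; esac
    done
}

# compare_kex HOST: print the three views and what the stanza adds
compare_kex() {
    host=${1:-localhost}
    cfg=$(make_cfg "$host")
    builtin_kex=$(effective_kex "$host" /dev/null)
    stanza_kex=$(effective_kex "$host" "$cfg")
    live_kex=$(effective_kex "$host")
    rm -f "$cfg"
    echo "compiled-in default ($(count_algos "$builtin_kex")): $builtin_kex"
    echo "default + stanza    ($(count_algos "$stanza_kex")): $stanza_kex"
    echo "live configuration  ($(count_algos "$live_kex")): $live_kex"
    echo "added by the stanza:"; only_in "$stanza_kex" "$builtin_kex"
}
```

Run `compare_kex invent.kde.org` (or any host) to see which of the three lists differs; a "live configuration" line that does not match the compiled-in default points at a setting coming from /etc/ssh/ssh_config or an Include it pulls in.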