Advancing Post-Quantum Capabilities of SSH in Red Hat Enterprise Linux
Why It Matters
Enterprises gain immediate, FIPS‑compliant protection against future quantum attacks on SSH, preserving compliance and reducing long‑term cryptographic risk.
Key Takeaways
- RHEL 10.2 enables hybrid PQC SSH key exchange by default
- FIPS mode now supports mlkem768nistp256-sha256 and mlkem1024nistp384-sha384
- libssh 0.12.0 prefers mlkem768x25519-sha256 for custom SSH services
- Red Hat patches add PQC algorithms not yet upstream in OpenSSH
- Roadmap targets pure ML‑KEM exchange and PQC GSSAPI authentication
Pulse Analysis
Post‑quantum cryptography (PQC) is moving from research labs into production environments, and Red Hat Enterprise Linux (RHEL) is at the forefront. After introducing hybrid key‑exchange algorithms in OpenSSL, GnuTLS and NSS for TLS 1.3, RHEL 10.2 extends the same quantum‑resistant approach to Secure Shell. By default, OpenSSH 9.9 now prefers the mlkem768x25519-sha256 hybrid, while the new libssh 0.12.0 library mirrors this behavior, giving customers a seamless upgrade path that protects against "harvest‑now, decrypt‑later" threats.
The most notable addition is FIPS‑mode support for two NIST‑approved hybrids: mlkem768nistp256-sha256 and mlkem1024nistp384-sha384. Red Hat’s downstream patches integrate these algorithms into the OpenSSH codebase, allowing organizations that must adhere to FIPS 140‑2/3 to enable quantum‑safe SSH without waiting for upstream adoption. This move not only satisfies compliance auditors but also future‑proofs critical infrastructure, as the hybrid designs combine proven elliptic‑curve Diffie‑Hellman with lattice‑based ML‑KEM, offering strong security even if quantum computers become practical.
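A hybrid that is preferred by default is not the same as a hybrid that is enforced: SSH picks the first algorithm in the client's list that the server also offers, so a client without PQC support still connects with a classical exchange. The sketch below is an added example, not Red Hat's or OpenSSH's code; it models that first-match rule in simplified form (RFC 4253, section 7.1) and audits a KexAlgorithms list, using constructed sample output and hypothetical helper names.

```python
# Added example (not Red Hat's code). Hybrid names come from the article, plus
# OpenSSH's earlier sntrup761 hybrid, which the article does not mention.
PQ_HYBRID_KEX = {
    "mlkem768x25519-sha256",
    "mlkem768nistp256-sha256",
    "mlkem1024nistp384-sha384",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}

# Constructed sample of `sshd -T` output; not captured from a real host.
SAMPLE_SSHD_T = """\
port 22
kexalgorithms mlkem768x25519-sha256,curve25519-sha256,ecdh-sha2-nistp256
ciphers aes256-gcm@openssh.com
"""
MODERN_CLIENT = ["mlkem768x25519-sha256", "curve25519-sha256"]  # constructed
LEGACY_CLIENT = ["curve25519-sha256", "ecdh-sha2-nistp256"]     # constructed


def parse_kex(config_text):
    """Return the KexAlgorithms list from `sshd -T` / `ssh -G` style output."""
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return []


def negotiate(client, server):
    """Simplified first-match rule: first client algorithm the server offers."""
    for alg in client:
        if alg in server:
            return alg
    return None  # no common algorithm: the connection fails


def audit(client, server):
    """Report what would be negotiated and which classical fallbacks remain."""
    chosen = negotiate(client, server)
    return {
        "negotiated": chosen,
        "quantum_safe": chosen in PQ_HYBRID_KEX,
        # Classical algorithms the server still accepts from older clients.
        "classical_fallback": [a for a in server if a not in PQ_HYBRID_KEX],
    }


if __name__ == "__main__":
    server = parse_kex(SAMPLE_SSHD_T)
    for name, client in (("modern", MODERN_CLIENT), ("legacy", LEGACY_CLIENT)):
        print(name, audit(client, server))
```

An empty `classical_fallback` list means the server accepts only hybrid key exchange, so a session that connects at all is protected against harvest-now, decrypt-later collection.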
Looking ahead, Red Hat is actively shaping the next generation of SSH standards. Ongoing work targets pure ML‑KEM key exchange, ML‑DSA signature schemes, and hybrid GSSAPI authentication that would make Kerberos‑based SSH connections quantum‑resistant. By contributing patches and RFC drafts to the IETF SSHM working group, Red Hat ensures that enterprise customers will have a clear migration path as the cryptographic community converges on final PQC specifications. The combined effort of upstream developers, standards bodies, and Red Hat’s implementation expertise positions RHEL as a reliable platform for organizations seeking long‑term, quantum‑secure communications.