Does pfsense have a old outdated SSHD version, and how to update it?

TommyMoo

Hello community, I have MacOS Sequoia 15.7.1 with MacPorts, I dont use Apples SSHD / SSH, Im using the MacPorts version of OpenSSH, the version I actually use of OpenSSH is openssh @10.2p1_0

Now, when I connect to my pfsense, I get this warning:

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
[2.8.1-RELEASE]

Is there a way, to fix that, or update sshd on pfsense?

Thanks for reading and help!

stephenw10

The short answer is no. But it will be in the next release: https://github.com/pfsense/FreeBSD-src/commit/8e28d84935f2f0ee081d44f9803f3052b960e50b

However you should be able to tell the client to connect to it anyway.

TommyMoo

@stephenw10 OK, Thanks for the info, its no issue for me, as I only have allowed to connect to my pfsense via SSH by the LAN side, just been curious and wondered about the warning! Thank you

zcrayfish

This message is truly bizarre to me as pfsense should have sntrup761x25519-sha512 already . . .