Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Post Quantum SSH Key Exchange Algorithms

Bryce Larson
Bryce Larson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 7, 2025

When doing git clones, pulls, pushes, etc. I'm getting this warning:

```

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
```

This leads me to believe that bitbucket servers don't support post quantum key exchange algorithms for ssh access to git.  Can we get that added soon?

Answer
Watch
Like # people like this
40137 views

5 answers

0 votes
anarchitech
anarchitech
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 26, 2025 
ssh -v -F none git@bitbucket.org

Bitbucket is not using a pq algorithm,  using curve25519-sha256 , hence openssh is throwing that warning:

debug1: kex: algorithm: curve25519-sha256@libssh.org

debug1: kex: host key algorithm: rsa-sha2-512

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

 

For comparison, github is running a hybrid pq algorithm, so it's pq compliant and won't throw the warning:

debug1: kex: algorithm: sntrup761x25519-SHA512

debug1: kex: host key algorithm: ssh-ed25519

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

Hybrid Streamlined NTRU Prime sntrup761 and X25519 with SHA-512: sntrup761+x25519+sha512 

 

FWIW, some Linux distros running openssh appear to have incorrect config files and fail to show the warning.   

Reply
0 votes
Abhay Gupta
Abhay Gupta
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 3, 2025

We have created a BCLOUD to address this and here is the link to the BCLOUD for your reference:
BCLOUD-23914

View More Comments
Jim Knepley - ReleaseTEAM
Jim Knepley - ReleaseTEAM
Atlassian Partner
November 3, 2025

The issue created makes a good point that you can suppress the warning messages by changing the log level for bitbucket.org in your ssh_config file. It doesn't solve the problem, but could help reduce confusion.

Host bitbucket.org 
    LogLevel ERROR

 

Like
Kuno Meyer
Kuno Meyer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 20, 2026

Or more targeted (from OpenSSH PQ FAQ):

Host bitbucket.org
     WarnWeakCrypto no

 

Like
Reply
0 votes
Jan Bom Trap
Jan Bom Trap
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 30, 2025

I'm experiencing the same Warning on sourcetree enterprice 3.4.45 on windows 11

Reply
0 votes
Ben Hubbard
Ben Hubbard
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 14, 2025

I just received this same message too.  Running EndeavourOS Arch Linux on my dev machine and it just upgraded to OpenSSH 10. 

[16:05:01] [hubbaba ~/dev/RampantStrategy(develop)] ➜ ssh -V 
OpenSSH_10.2p1, OpenSSL 3.6.0 1 Oct 2025

This is going to start becoming a common message that people are going to see, so I'd suggest adding it to the roadmap.  Seeing a big warning sign every time I commit just makes me nervous.  

Reply
0 votes
Jim Knepley - ReleaseTEAM
Jim Knepley - ReleaseTEAM
Atlassian Partner
October 7, 2025

Hi @Bryce Larson 

I don't have any special insight into the Bitbucket roadmap; it might already be in progress.

It doesn't look like anyone has opened a feature request ticket, if only to be able to watch it age over the years. I would certainly upvote such a feature.

View More Comments
ccenvcvb
ccenvcvb
Contributor
November 3, 2025

Apperantly I can only create tickets for bitbucket server (BSERV) not for bitbucket cloud.

 

Like
ccenvcvb
ccenvcvb
Contributor
November 3, 2025

Created a support ticket, asked the support team to create a feature request.

Like
ccenvcvb
ccenvcvb
Contributor
November 3, 2025

ticket BCLOUD-23914

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security