Comment by singlow
1 day ago
So what person is running an SSH server and configuring it to use post-quantum crypto, but is using password Auth? Priorities are out-of-whack.
Not that this is a bad thing, but first start using keys, then start rotating them regularly and then worry about theoretical future attacks.
Those are completely disjoint threats.
A captured SSH session should never be able to decrypted by an adversary regardless of whether it uses passwords or keys, or how weak the password is.