And given that NTRU made it to the third round, and NTRU Prime is labelled as an alternative, I'm not how strong a claim Bernstein can make to being ill-treated by NIST.
The context of the conversation is "Bernstein's NTRU Prime", which is not present for TLS in any draft, and for SSH there are only personal / non-WG drafts.
So while some SSH folks just happened to pick NTRU after looking at the options at a particular point in time, some of the other most widely deployed systems (TLS, IPsec) will not be using it. So I'm not quite sure how defendable the "great preference" claim is.
> I use this in a variety of ways, thousands of logins per day. I don't see much love for AES.
So? Given its focus on low(er)-performance systems, perhaps on chips without AES-NI, it's no surprise that TinySSH does not have AES. Further, Dropbear, another implementation often used on smaller footprints, does have AES and recently added ML-KEM:
PuTTY added ML-KEM in 0.83 earlier this year. So I'm not sure how talking about a niche SSH implementation supports your claim that "there will be great preference in the community for Bernstein's NTRU Prime."
The evidence appears to me that implementation have been adding NIST's choice(s) since they have become available.
While NTRU Prime is not implemented in TLS, if it has even half the lifespan of DSA in SSH then it will be quite long lived.