
Oracle Linux: How To Disable SSH Server Weak Key Exchange Algorithm diffie-hellman-group1-sha1 (Doc ID 2803881.1)

Last updated on SEPTEMBER 01, 2021

Applies to:

Linux OS - Version Oracle Linux 7.0 and later
Linux x86-64
Linux x86
Linux ARM 64-bit

Goal

The diffie-hellman-group1-sha1 key exchange algorithm is considered weak.
At the time of writing, the IETF defines the algorithm as one that SHOULD NOT be used rather than one that MUST NOT be used:
- https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html#rfc.section.5

OpenSSH on Oracle Linux 7 currently supports and enables this algorithm, which security/vulnerability scanners such as Qualys may flag as vulnerable.
To ensure optimal security, one should consider disabling weaker OpenSSH key exchange algorithms.
This document describes how to disable the diffie-hellman-group1-sha1 key exchange algorithm on Oracle Linux 7.
The same process may also be used to disable other algorithms.
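
One way to audit a server for this algorithm and build a replacement list, as an added example that is not taken from this Oracle document or its Solution section. It assumes the `kexalgorithms` line printed by `sshd -T` and the `KexAlgorithms` directive of `sshd_config`; the function names and the sample output are constructed for illustration.

```bash
# Added example: audit an sshd key-exchange list and rebuild it without weak entries.
# Space-separated algorithms to drop; extend it to disable others the same way.
WEAK_KEX="diffie-hellman-group1-sha1"

# Constructed sample of `sshd -T` (effective configuration) output.
SAMPLE_SSHD_T='port 22
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ciphers aes256-ctr'

# Print the comma-separated KEX list found in `sshd -T` style text on stdin.
effective_kex() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }'
}

# Succeed (exit 0) if the comma-separated list in $1 contains a WEAK_KEX entry.
# Matching is on whole names, so diffie-hellman-group14-sha1 is not a false hit.
has_weak_kex() {
    local list=",$1," w
    local IFS=' '
    for w in $WEAK_KEX; do
        case "$list" in *",$w,"*) return 0 ;; esac
    done
    return 1
}

# Print an sshd_config directive for list $1 with the weak entries removed.
# An explicit list is emitted rather than a removal pattern.
hardened_directive() {
    local kept="" alg
    local IFS=','
    for alg in $1; do
        if ! has_weak_kex "$alg"; then kept="${kept:+$kept,}$alg"; fi
    done
    [ -n "$kept" ] || return 1   # refuse to emit an empty algorithm list
    printf 'KexAlgorithms %s\n' "$kept"
}

# Demo on the constructed sample; on a host, feed `sshd -T` output instead.
hardened_directive "$(printf '%s\n' "$SAMPLE_SSHD_T" | effective_kex)"
```

After placing the resulting line in `/etc/ssh/sshd_config`, check the file with `sshd -t` before restarting the service, and keep an existing session open until a new login succeeds.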

Solution
