Oracle Linux: How To Disable SSH Server Weak Key Exchange Algorithm diffie-hellman-group1-sha1
(Doc ID 2803881.1)
Last updated on OCTOBER 11, 2022
Applies to:Linux OS - Version Oracle Linux 7.0 and later
Oracle Cloud Infrastructure - Version N/A and later
Linux ARM 64-bit
The diffie-hellman-group1-sha1 key exchange algorithm is considered a weaker algorithm.
At time of writing, the IETF define the algorithm as one that SHOULD NOT be used rather than one that MUST NOT be used:
OpenSSH on Oracle Linux 7 currently supports and enables the algorithm that security/vulnerability scanners such as Qualys may detect as vulnerable.
To ensure optimal security, one should consider disabling weaker OpenSSH key exchange algorithms.
This document describes how to disable the diffie-hellman-group1-sha1 key exchange algorithm within on Oracle Linux 7.
The same process may also be used to disable other algorithms.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document