Oracle Linux 7: How To Disable SSH Server Weak Key Exchange Algorithm diffie-hellman-group1-sha1
(Doc ID 2803881.1)
Last updated on MAY 29, 2024
Applies to:
Oracle Cloud Infrastructure - Version N/A and later
Linux OS - Version Oracle Linux 7.0 to Oracle Linux 7.9 [Release OL7 to OL7U9]
Linux x86-64
Linux x86
Linux ARM 64-bit
Goal
The diffie-hellman-group1-sha1 key exchange algorithm is considered a weaker algorithm.
At the time of writing, the IETF defines the algorithm as one that SHOULD NOT be used rather than one that MUST NOT be used:
OpenSSH on Oracle Linux 7 (OL7) currently supports and enables this algorithm, which security/vulnerability scanners such as Qualys may detect as vulnerable.
To ensure maximum security, one should consider disabling weaker OpenSSH key exchange algorithms.
This document describes how to disable the diffie-hellman-group1-sha1 key exchange algorithm on Oracle Linux 7.
The same process may also be used to disable other weaker or non-required algorithms.
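The following is an added example, not Oracle's documented procedure: a POSIX shell sketch that takes the server's effective key exchange list and builds an explicit `KexAlgorithms` line with diffie-hellman-group1-sha1 removed. The function names, the `WEAK_KEX` variable and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an explicit KexAlgorithms line without the weak entries.

# Space-separated names to drop. Extend for other weak or non-required algorithms.
WEAK_KEX="diffie-hellman-group1-sha1"

# filter_kex LIST WEAK
# Print comma-separated LIST minus every name in space-separated WEAK.
# Names are compared exactly, so diffie-hellman-group14-sha1 is not
# mistaken for diffie-hellman-group1-sha1.
filter_kex() {
    out=""
    for alg in $(printf '%s' "$1" | tr ',' ' '); do
        keep=1
        for weak in $2; do
            if [ "$alg" = "$weak" ]; then keep=0; fi
        done
        if [ "$keep" -eq 1 ]; then out="${out:+$out,}$alg"; fi
    done
    printf '%s\n' "$out"
}

# kex_config_line LIST WEAK
# Print the sshd_config directive; fail if nothing would remain.
kex_config_line() {
    remaining=$(filter_kex "$1" "$2")
    if [ -z "$remaining" ]; then
        echo "refusing to emit an empty KexAlgorithms list" >&2
        return 1
    fi
    printf 'KexAlgorithms %s\n' "$remaining"
}

# Constructed sample of an effective KEX list (not captured from a real host).
SAMPLE_KEX="curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
kex_config_line "$SAMPLE_KEX" "$WEAK_KEX"

# On a live host (as root), feed the effective list instead of the sample:
#   kex_config_line "$(sshd -T | awk '$1 == "kexalgorithms" {print $2}')" "$WEAK_KEX"
# Add the printed line to /etc/ssh/sshd_config, check it with `sshd -t`,
# then reload sshd and confirm with `sshd -T | grep -i kexalgorithms`.
```

Keep an existing SSH session open while reloading so a configuration mistake does not lock you out.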
Solution