Oracle Linux: How To Disable SSH Server Weak Key Exchange Algorithm diffie-hellman-group1-sha1 (Doc ID 2803881.1)

Last updated on OCTOBER 11, 2022

Applies to:

Linux OS - Version Oracle Linux 7.0 and later
Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64
Linux x86
Linux ARM 64-bit

Goal

The diffie-hellman-group1-sha1 key exchange algorithm is considered a weaker algorithm.
At time of writing, the IETF define the algorithm as one that SHOULD NOT be used rather than one that MUST NOT be used:

https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/

OpenSSH on Oracle Linux 7 currently supports and enables the algorithm that security/vulnerability scanners such as Qualys may detect as vulnerable.
To ensure optimal security, one should consider disabling weaker OpenSSH key exchange algorithms.
This document describes how to disable the diffie-hellman-group1-sha1 key exchange algorithm within on Oracle Linux 7.
The same process may also be used to disable other algorithms.

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Linux: How To Disable SSH Server Weak Key Exchange Algorithm diffie-hellman-group1-sha1 (Doc ID 2803881.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!