My Oracle Support Banner

Oracle Linux 8: How to Disable diffie-hellman-group1-sha1 KeyAlgorithm in OpenSSH Server (Doc ID 2812822.1)

Last updated on OCTOBER 12, 2021

Applies to:

Linux OS - Version Oracle Linux 8.0 and later
Linux x86-64
Linux ARM 64-bit


This document describes how to disable weak key exchange algorithms e.g. diffie-hellman-group1-sha1 within OpenSSH Server (sshd).

In particular, we do not recommend allowing diffie-hellman-group1-sha1, unless needed for compatibility. It uses a 768 bit prime number, which is too small by today's standards and may be breakable by intelligence agencies in real time. Using it could expose connections to man-in-the-middle attacks when faced with such adversaries.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.