Oracle Linux 8: How to Disable All Weak SHA1 Algorithms in OpenSSH Server (Doc ID 2812822.1)

Last updated on JUNE 05, 2024

Applies to:

Linux OS - Version Oracle Linux 8.0 and later
Linux x86-64
Linux ARM 64-bit

Goal

This document describes how to disable weak key exchange SHA1 algorithms e.g. diffie-hellman-group1-sha1 within OpenSSH Server (sshd).

In particular, we do not recommend allowing diffie-hellman-group1-sha1, unless needed for compatibility. It uses a 768 bit prime number, which is too small by today's standards and may be breakable by intelligence agencies in real time. Using it could expose connections to man-in-the-middle attacks when faced with such adversaries.

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Linux 8: How to Disable All Weak SHA1 Algorithms in OpenSSH Server (Doc ID 2812822.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!