You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

How To Disable SSH Server Weak Key Exchange Algorithms in OL7

edited May 20, 2024 5:17PM in Linux

APPLIES TO:

Linux OS - Version Oracle Linux 7.0

Oracle Cloud Infrastructure - Version N/A and later

Linux x86-64

GOAL:

The diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms are considered weak algorithms.

OpenSSH on Oracle Linux 7 currently supports and enables these algorithms that security/vulnerability scanners such as Qualys may detect as vulnerable.

To ensure optimal security, one should consider disabling weaker OpenSSH key exchange algorithms.

This document describes how to disable the diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms within on Oracle Linux 7.

SOLUTION:

To disable Oracle Linux 7 OpenSSH diffie-hellman-group1-sha1 key exchange algorithm, perform the following:

A) Check whether key exchange algorithms diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 are currently enabled:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!