How To Disable SSH Server Weak Key Exchange Algorithms in OL7
APPLIES TO:
Linux OS - Version Oracle Linux 7.0
Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64
GOAL:
The diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms are considered weak algorithms.
OpenSSH on Oracle Linux 7 currently supports and enables these algorithms, which security/vulnerability scanners such as Qualys may flag as vulnerable.
To ensure optimal security, one should consider disabling weaker OpenSSH key exchange algorithms.
This document describes how to disable the diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms on Oracle Linux 7.
SOLUTION:
To disable the OpenSSH diffie-hellman-group1-sha1 key exchange algorithm on Oracle Linux 7, perform the following:
A) Check whether key exchange algorithms diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 are currently enabled:
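One way to script the check in step A, as an added example that is not part of the original note: it parses the effective configuration printed by `sshd -T` (which includes compiled-in defaults that never appear in sshd_config) and matches whole algorithm names. The function names and the two sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original note): report which of the two weak
# KEX algorithms named above are present in the effective sshd configuration.

WEAK_KEX="diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1"

# Reads `sshd -T` style output on stdin and prints each weak algorithm found.
# Exit status: 0 = at least one weak algorithm is enabled, 1 = none,
# 2 = no kexalgorithms line in the input (state cannot be determined).
weak_kex_enabled() {
    # sshd -T prints lowercase keywords: "kexalgorithms alg1,alg2,..."
    _kex=$(awk 'tolower($1) == "kexalgorithms" { print $2; exit }')
    [ -n "$_kex" ] || return 2
    _rc=1
    for _alg in $(printf '%s\n' "$_kex" | tr ',' ' '); do
        # Compare whole names so diffie-hellman-group14-sha1 and
        # diffie-hellman-group-exchange-sha256 are not reported.
        case " $WEAK_KEX " in
            *" $_alg "*) printf '%s\n' "$_alg"; _rc=0 ;;
        esac
    done
    return $_rc
}

# Constructed sample: effective config with both weak algorithms enabled.
sample_before() {
    printf '%s\n' 'port 22' \
'kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
}

# Constructed sample: the same list with the two weak algorithms removed.
sample_after() {
    printf '%s\n' 'port 22' \
'kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1'
}

# Live check against the running host's sshd; run as root so that
# sshd -T can read the host keys.
if [ "${1:-}" = "--live" ]; then
    sshd -T | weak_kex_enabled
fi
```

Run with `--live` as root on the server; an exit status of 1 with no output means neither algorithm is offered.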