You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Note!! Please register for a free account to access the full content and also to participate in Q&A in the community

How To Disable SSH Server Weak Key Exchange Algorithms in OL7

edited Apr 24, 2025 3:40AM in Linux

APPLIES TO:

Linux OS - Version Oracle Linux 7.0

Oracle Cloud Infrastructure - Version N/A and later

Linux x86-64

GOAL:

The diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms are considered weak algorithms.

OpenSSH on Oracle Linux 7 currently supports and enables these algorithms that security/vulnerability scanners such as Qualys may detect as vulnerable.

To ensure optimal security, one should consider disabling weaker OpenSSH key exchange algorithms.

This document describes how to disable the diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms within on Oracle Linux 7.

SOLUTION:

To disable Oracle Linux 7 OpenSSH diffie-hellman-group1-sha1 key exchange algorithm, perform the following:

A) Check whether key exchange algorithms diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 are currently enabled:

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!