[Bug 3779] SHA1 deprecation
bugzilla-daemon at mindrot.org
Wed Jan 22 10:45:38 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3779
--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Shaheena Kazi from comment #2)
> Hey Darren,
>
> Output of the commands is as below:
>
> ssh -G -F /dev/null localhost | \
> grep -E 'kexalgorithms|pubkeyacceptedalgorithms|hostkeyalgorithms|macs'
These show the compiled-in defaults. As I said before:
> then again without the -F/-f to view the effective settings.
> Is there any way to remove sha1 i.e., ssh-rsa from key-exchange
> algorithms, host keys, user keys and message authentication codes
> which you said might be using SHA1 ? Please suggest if anything can
> be done.
Yes, you can set KexAlgorithms, PubkeyAcceptedAlgorithms,
HostKeyAlgorithms and MACs in sshd_config and ssh_config (either
explicitly setting the allowed list, or by prefixing with "-" to remove
them, e.g. "-ssh-rsa"). See the ssh_config(5) and sshd_config(5) man pages.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
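
The check discussed in the comment above, as an added example that is not part of the original mail or of OpenSSH: it reads effective settings in `ssh -G` format, lists the SHA-1 based algorithms, and prints the matching "-" removal lines. The sample settings are constructed, the function names are hypothetical, and the matching rule (name contains "sha1", or is ssh-rsa or its certificate form) is an assumption.

```shell
#!/bin/sh
# Added example: find SHA-1 based algorithms in `ssh -G` / `sshd -T` output.

# Constructed sample of effective settings (not taken from the bug report).
sample_config() {
    cat <<'EOF'
hostname localhost
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-256,ssh-rsa
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
EOF
}

# stdin: "keyword alg1,alg2,..." lines; stdout: one "keyword algorithm" per hit.
# Assumed rule: the name contains "sha1", or is ssh-rsa / its certificate form.
sha1_algos() {
    awk '
    $1 ~ /^(kexalgorithms|pubkeyacceptedalgorithms|hostkeyalgorithms|macs)$/ {
        n = split($2, algs, ",")
        for (i = 1; i <= n; i++)
            if (algs[i] ~ /sha1/ || algs[i] ~ /^ssh-rsa(-cert-v01@openssh\.com)?$/)
                print $1, algs[i]
    }'
}

# Group the hits into "keyword -alg1,alg2" lines, the "-" removal syntax
# usable in ssh_config / sshd_config.
removal_lines() {
    sha1_algos | awk '
    { if ($1 in list) list[$1] = list[$1] "," $2; else list[$1] = $2 }
    END { for (k in list) print k, "-" list[k] }' | sort
}

# Real use: ssh -G localhost | removal_lines   (or: sshd -T | removal_lines)
sample_config | removal_lines
```

An empty result means none of the four settings lists a SHA-1 based algorithm under the assumed rule.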