SHA-1 practical recommendations?

Daniel Pocock daniel at pocock.pro
Thu Mar 11 06:16:27 AEDT 2021



On 10/03/2021 20:05, Aaron Jones wrote:
> On 10/03/2021 15:55, Daniel Pocock wrote:
>> Does the command for checking ssh-rsa distinguish between SHA-1
>> (insecure) and SHA-2?
> 
> The older ssh-rsa algorithm *only* uses SHA-1. The SHA-2 versions are
> rsa-sha2-256 and rsa-sha2-512. If connecting to a server succeeds when
> the former is excluded, the server supports SHA-2. If it does not, it
> only supports SHA-1.
> 
> This also has nothing to do with the MACs setting; HMAC-SHA1 is still
> secure (as is HMAC-MD5).

Thanks for the fast reply.

This is one of the search results for hardening that suggests tweaking
MACs; this is the reason I wanted to seek clarification:

https://access.redhat.com/discussions/3121481

What about KexAlgorithms - should people change this either on client,
server or both to remove entries like
diffie-hellman-group-exchange-sha1 and diffie-hellman-group14-sha1?

Is there any SHA1 value cached in known_hosts or does that only contain
full public keys?

Regards,

Daniel
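
The distinction drawn in this exchange (ssh-rsa signatures versus rsa-sha2-*, SHA-1 key exchange names, and HMAC-SHA1 in MACs) can be checked per setting. The following is an added example, not part of the original message and not OpenSSH code; `audit`, `SAMPLE` and the category names are hypothetical, and the input is assumed to be the "keyword value" lines printed by `sshd -T` or `ssh -G`.

```python
import re

# Settings whose entries name public-key signature algorithms.
SIGNATURE_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes",
                      "pubkeyacceptedalgorithms"}
SHA1_NAME = re.compile(r"sha1(?!\d)")  # matches "-sha1", never "-sha256"

# Constructed sample input, not taken from a real host.
SAMPLE = """\
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedkeytypes ssh-ed25519,rsa-sha2-512,ssh-rsa
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
"""

def audit(config_text):
    """Group algorithm names by how SHA-1 is involved, per setting."""
    findings = {"sha1_signature": [], "sha2_rsa_signature": [],
                "sha1_kex": [], "hmac_sha1": []}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # skip blanks, comments and valueless keywords
        keyword = parts[0].lower()
        for name in (n.strip() for n in parts[1].split(",")):
            if keyword in SIGNATURE_KEYWORDS:
                if name == "ssh-rsa":  # RSA signature made with SHA-1
                    findings["sha1_signature"].append((keyword, name))
                elif name in ("rsa-sha2-256", "rsa-sha2-512"):
                    findings["sha2_rsa_signature"].append((keyword, name))
            elif keyword == "kexalgorithms" and SHA1_NAME.search(name):
                findings["sha1_kex"].append(name)
            elif keyword == "macs" and SHA1_NAME.search(name):
                # Kept apart from the signature findings: the quoted reply
                # treats the MACs setting as unrelated to ssh-rsa.
                findings["hmac_sha1"].append(name)
    return findings

if __name__ == "__main__":
    for category, names in audit(SAMPLE).items():
        print(category, names)
```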


More information about the openssh-unix-dev mailing list