OpenSSH has announced plans to drop support for it's SHA-1 authentication method.

According to the report of ZDNet : The OpenSSH team currently considered SHA-1 hashing algorithm insecure (broken in real-world attack in February 2017 when Google cryptographers disclosed SHAttered attack which could make two different files appear as they had the same SHA-1 file signature). The OpenSSH project will be disabling the 'ssh-rsa' (which uses SHA-1) mode by default in a future release, they also plan to enable the 'UpdateHostKeys' feature by default which allow servers to automatically migrate from the old 'ssh-rsa' mode to better authentication algorithms.

  • 5
    Still having sha1 as default is really a shame. They should skip straight to sha3.
  • 1
    Wait what? What does the ssh-rsa HostKeyAlgorithm have to do with using sha-1 as MAC?
    You can simply disable the latter while still using ssh-rsa.

    Or is sha-1 used somewhere inside ssh-rsa?
Add Comment