SHA1 based HMAC algorithms enabled for SSH Server
search cancel

SHA1 based HMAC algorithms enabled for SSH Server


Article ID: 271218


Updated On:


CA Automic Applications Manager (AM)


Applications Manager version 9.4.0 introduced a new SSHD Server process that runs on each Remote Agent. This additional process is used for assisting in Disaster Recovery activity as noted in the documentation linked below:

Disaster Recovery

However, the SSHD Server process may use SHA1 based HMAC algorithms which may be considered vulnerable to the security team. 

Is there a way to disable SHA1 based HMAC algorithms?


Release : 9.4.4


A permanent fix will be included in Applications Manager version 9.5.1 to remove the use of SHA1 based HMAC algorithms.

Temporary Workaround:

Do not use or start the SSH Server process. The SSHD Server process can be started using the following commands:

1. startso all
2. startso sshdserver

Since the "startso all" command starts both the agentservice process and the sshd server process, it is recommended that the "startso all" command is replaced with a "startso agentservice" command to bypass the starting of the SSHD Server process.