vSphere Replication 8.7 SSH disable SHA1
Article ID: 378700
Updated On:
Products
VMware Live Recovery
Issue/Introduction
SHA1 is enabled on port 22 for SSH. This may be picked up by security scanners as a vulnerability.
Environment
vSphere Replication 8.7
OpenSSH 7.8
Cause
SHA1 is enabled on port 22 (SSH)
Resolution
Steps to remove SHA1 for SSH:
1. Edit sshd_config
vi /etc/ssh/sshd_config
2. Add the following line:
KexAlgorithms -diffie-hellman-group14-sha1
3. systemctl restart sshd
4. Test with nmap or your scanner
Example from the lab of sshd_config with change:
Results from NMAP (SHA1 is gone now):
Feedback
Yes
No
Powered by
