Mitigate SHA-1 vulnerabilities in Security Analytics Appliances

Article ID: 380935

Products

Security Analytics

Issue/Introduction

In the field of cybersecurity, hash algorithms play a crucial role in ensuring data integrity and confidentiality. Among the various hash functions available today, one of the most widely used algorithms is the Secure Hash Algorithm 1 (SHA-1).

The primary weakness of SHA-1 is its broken collision resistance: it is possible to find two different messages that produce the same hash value. Therefore, it is recommended that SHA-1 be disabled on Security Analytics.

Resolution

  1. Log in as 'root' from an SSH terminal session.

  2. Back up /etc/ssh/sshd_config:

    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

  3. Open /etc/ssh/sshd_config with vi (or another text editor).

  4. Apply the following changes:

    Remove hmac-sha1 from the MACs line (around line 149). The resulting line should look like this:

    MACs hmac-sha2-256,hmac-sha2-512

    Comment out the HostKey /etc/ssh/ssh_host_rsa_key line by adding a # at the beginning of the line (around line 187). The resulting line should look like this:

    #HostKey /etc/ssh/ssh_host_rsa_key

    Add ecdsa and ed25519 as HostKey parameters. Add these as new lines at the bottom of the config file:

    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key

  5. Save the file.

  6. Restart the sshd service:

    systemctl restart sshd
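The following POSIX sh script is an added example, not part of this article or of the Security Analytics product: it audits an sshd_config for the three edits in step 4 (no SHA-1 MAC, RSA host key commented out, ECDSA and Ed25519 host keys active) so the change can be verified before sshd is restarted. The two sample configs it writes are constructed for the demonstration and are not real appliance files.

```shell
#!/bin/sh
# audit_sshd_sha1 FILE prints each finding and returns 0 only when:
#   - every active (uncommented) MACs entry is free of SHA-1,
#   - the RSA HostKey line is commented out or absent,
#   - ECDSA and Ed25519 HostKey lines are active.
audit_sshd_sha1() {
    cfg="$1"; rc=0
    # Value of every active MACs line (comment lines are ignored by the pattern).
    macs=$(sed -nE 's/^[[:space:]]*MACs[[:space:]]+//p' "$cfg")
    if [ -z "$macs" ]; then
        echo "FAIL: no active MACs line; sshd's built-in default list still includes hmac-sha1"; rc=1
    else
        # Flag any MAC token built on SHA-1, e.g. hmac-sha1 or hmac-sha1-etm@openssh.com.
        for m in $(printf '%s\n' "$macs" | tr ',' ' '); do
            case "$m" in
                *sha1*) echo "FAIL: SHA-1 MAC still enabled: $m"; rc=1 ;;
            esac
        done
    fi
    if grep -Eq '^[[:space:]]*HostKey[[:space:]]+/etc/ssh/ssh_host_rsa_key([[:space:]]|$)' "$cfg"; then
        echo "FAIL: RSA HostKey still active"; rc=1
    fi
    for k in ecdsa ed25519; do
        grep -Eq "^[[:space:]]*HostKey[[:space:]]+/etc/ssh/ssh_host_${k}_key([[:space:]]|$)" "$cfg" \
            || { echo "FAIL: HostKey /etc/ssh/ssh_host_${k}_key not configured"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: $cfg has no SHA-1 MACs and uses ECDSA/Ed25519 host keys"
    return "$rc"
}

# write_sample before|after writes a constructed sshd_config fragment to a temp file
# and prints its path; "before" is the unmodified state, "after" matches step 4.
write_sample() {
    f=$(mktemp)
    case "$1" in
        before) printf 'MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1\nHostKey /etc/ssh/ssh_host_rsa_key\n' > "$f" ;;
        after)  printf 'MACs hmac-sha2-256,hmac-sha2-512\n#HostKey /etc/ssh/ssh_host_rsa_key\nHostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key\n' > "$f" ;;
    esac
    echo "$f"
}

before=$(write_sample before); after=$(write_sample after)
audit_sshd_sha1 "$before" || echo "-> before: apply the changes in step 4"
audit_sshd_sha1 "$after"  && echo "-> after: hardened; run 'sshd -t' before 'systemctl restart sshd'"
rm -f "$before" "$after"
```

The script checks the config text only; it does not confirm that /etc/ssh/ssh_host_ecdsa_key and /etc/ssh/ssh_host_ed25519_key exist, and sshd will not start after the restart if they are missing (ssh-keygen -A generates any absent host keys). Keep the current SSH session open until a second login succeeds.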
