Bad SSH2 KexAlgorithms 'dha-sha1'

Solution Verified - Updated -

Issue

  • The sshd service started failing after adding weak ssh key exchange algorithm (dha-sha1) in sshd configuration file.

    # cat /etc/ssh/sshd_config
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,dha-sha-1

# journalctl -u sshd
Jun 13 21:00:48 rh7 sshd[2297]: /etc/ssh/sshd_config line 144: Bad SSH2 KexAlgorithms 'dha-sha1'.
Jun 13 21:00:48 rh7 systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
Jun 13 21:00:48 rh7 systemd[1]: Failed to start OpenSSH server daemon.

Environment

  • Red Hat Enterprise Linux (All Versions)
  • OpenSSH

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content