How to Disable ssh-rsa Algorithm in Red Hat Enterprise Linux 9 for Enhanced SSH Security

Solution Verified - Updated -

Issue

  • Security scans have reported the deprecated ssh-rsa host key algorithm in use on Red Hat Enterprise Linux 9 servers.

  • Running an nmap scan reveals ssh-rsa listed among supported algorithms:

    # nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1
    
    |   server_host_key_algorithms: (5)
    |       rsa-sha2-512
    |       rsa-sha2-256
    |       ssh-rsa                         <-----
    |       ecdsa-sha2-nistp256
    |       ssh-ed25519
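
A scan check built on the output above, as an added example that is not part of the Red Hat article: it reads `ssh2-enum-algos` output and reports SHA-1 based host key algorithms only when they appear under `server_host_key_algorithms`. The function names, the inclusion of `ssh-dss`, and the sample lines outside the host key section are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SHA-1 host key algorithms in nmap ssh2-enum-algos output.

# Reads nmap output on stdin; prints each deprecated algorithm found in the
# server_host_key_algorithms section, one per line.
weak_hostkey_algos() {
    awk '
        # Section header such as "|   server_host_key_algorithms: (5)"
        /^[| ]*[a-z_]+: \([0-9]+\)/ {
            in_hostkeys = ($0 ~ /server_host_key_algorithms:/)
            next
        }
        in_hostkeys {
            line = $0
            sub(/^[|_ \t]+/, "", line)   # strip the nmap tree prefix
            split(line, f, /[ \t]+/)     # ignore trailing annotations
            # Assumption: ssh-rsa and ssh-dss are the SHA-1 signature set
            if (f[1] == "ssh-rsa" || f[1] == "ssh-dss") print f[1]
        }
    '
}

# Returns 1 (and names the algorithms) when a deprecated one is offered.
check_scan() {
    found=$(weak_hostkey_algos)
    if [ -n "$found" ]; then
        printf 'deprecated host key algorithm offered: %s\n' $found
        return 1
    fi
    echo "no SHA-1 host key algorithms offered"
}

# Sample input: host key section as shown in the article; the kex and
# compression sections are constructed to exercise section tracking.
sample_scan() {
    cat <<'EOF'
|   kex_algorithms: (1)
|       curve25519-sha256
|   server_host_key_algorithms: (5)
|       rsa-sha2-512
|       rsa-sha2-256
|       ssh-rsa                         <-----
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   compression_algorithms: (1)
|_      none
EOF
}

sample_scan | check_scan || true
```

In practice, pipe the real scan into `check_scan` and use its exit status to fail a compliance job; `rsa-sha2-256` and `rsa-sha2-512` are not flagged because they use the same RSA key type with SHA-2 signatures.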
    

Environment

  • Red Hat Enterprise Linux 9
  • OpenSSH
