Cryptography / SSH Weak Key Exchange Algorithms Enabled



The remote SSH server is configured to allow weak key exchange algorithms. The IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20, Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes among others: diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 gss-gex-sha1-* gss-group1-sha1-* gss-group14-sha1-* rsa1024-sha1


The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server. Over time, some implementations of this algorithm have been identified as weak or vulnerable.


Contact the vendor or consult product documentation to disable the weak algorithms.

Curious? Convinced? Interested?

Arrange a no-obligation consultation with one of our product experts today.