Daniel Pocock <daniel@xxxxxxxxxx> writes:

> What about KexAlgorithms - should people change this either on client,
> server or both to remove entries like
> diffie-hellman-group-exchange-sha1, and diffie-hellman-group14-sha1 ?

You may find interest in the IETF draft
https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/

Any KeX with *sha1* in the name should be avoided or put last in the
list to be negotiated.

> Is there any SHA1 value cached in known_hosts or does that only
> contain full public keys?

The SSH host keys are just the public keys. The hash is determined by
the negotiation.

Be safe, stay healthy,
-- Mark
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
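
The following is an added example, not part of the original message and not code from the OpenSSH project. It checks an effective `kexalgorithms` line, in the form printed by `ssh -G <host>` or `sshd -T`, for *sha1* methods listed ahead of others and builds a list with them moved last or dropped. The function names and the sample config dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an effective KexAlgorithms list for SHA-1 based methods.

# Constructed sample of `ssh -G <host>` style output (not from a real host).
SAMPLE='port 22
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
ciphers aes256-ctr'

# Print the comma-separated KEX list found in a config dump read from stdin.
kex_list() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }'
}

# Rebuild a comma-separated list, preserving relative order.
# Mode "last" (default) moves *sha1* names to the end; "drop" removes them.
kex_reorder() {
    printf '%s\n' "$1" | awk -v mode="${2:-last}" -F, '{
        keep = ""; weak = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "") continue
            if ($i ~ /sha1/) weak = weak (weak == "" ? "" : ",") $i
            else             keep = keep (keep == "" ? "" : ",") $i
        }
        if (mode == "drop" || weak == "") print keep
        else if (keep == "")              print weak
        else                              print keep "," weak
    }'
}

# Exit 0 when a *sha1* method is negotiated ahead of a non-sha1 method,
# i.e. when moving the sha1 names last would change the list.
kex_sha1_preferred() {
    [ "$1" != "$(kex_reorder "$1" last)" ]
}

current=$(printf '%s\n' "$SAMPLE" | kex_list)
if kex_sha1_preferred "$current"; then
    echo "sha1 KEX is listed ahead of stronger methods"
fi
echo "sha1 last:    KexAlgorithms $(kex_reorder "$current" last)"
echo "sha1 removed: KexAlgorithms $(kex_reorder "$current" drop)"
```

To run it against a real configuration, replace the sample with `ssh -G <host> | kex_list` on a client or `sshd -T | kex_list` on a server.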