When running ssh -Q kex on modern Ubuntu systems, you might still see outdated key exchange algorithms like diffie-hellman-group1-sha1 listed. This 1024-bit DH group is considered cryptographically weak and has been deprecated in PCI DSS compliance standards since 2016 due to vulnerability to Logjam attacks.
First, verify which KEX algorithms your SSH server is actually using:
sudo sshd -T | grep -i kexalgorithms
# or for more detailed debugging:
ssh -vvv -oKexAlgorithms=diffie-hellman-group1-sha1 user@localhost
Edit /etc/ssh/sshd_config and add/modify these lines:
# Disable weak key exchange algorithms
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
# Optional: Also disable other weak algorithms
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
After restarting SSH (sudo systemctl restart sshd), test with:
ssh -oKexAlgorithms=diffie-hellman-group1-sha1 localhost
# Should fail with:
# no matching key exchange method found. Their offer: [the server's configured algorithm list]
For automated testing, use nmap:
nmap --script ssh2-enum-algos -sV -p 22 your-server-ip
If you must support older clients, consider creating a separate SSH endpoint with different configuration rather than weakening your primary server:
# /etc/ssh/sshd_config_legacy: a separate config for a second sshd instance.
# KexAlgorithms is not permitted inside a Match block (sshd -t reports it as an
# error), so a Match on the main daemon cannot scope it; a second daemon can.
Port 2222
PidFile /run/sshd-legacy.pid
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
# Check and start:  sudo sshd -t -f /etc/ssh/sshd_config_legacy && sudo sshd -f /etc/ssh/sshd_config_legacy
# Then limit who can reach port 2222 (e.g. 192.168.1.0/24) with the host firewall.
For production environments, consider using tools like:
# Lynis hardening audit (covers SSH settings among many others)
sudo apt install lynis
sudo lynis audit system
# OpenSCAP
sudo apt install ssg-debian
sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss \
/usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
Running ssh -Q kex reveals that many Ubuntu servers still support obsolete key exchange algorithms like diffie-hellman-group1-sha1. This 1024-bit DH group is considered cryptographically weak and fails PCI DSS requirements since 2018 (v3.2.1).
sudo nano /etc/ssh/sshd_config
Add or modify these lines to explicitly disable weak algorithms while preserving modern ones:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
Use this command to verify syntax without restarting SSH:
sudo sshd -t
For production systems, consider this graceful restart approach:
sudo systemctl reload ssh
After implementation, test using nmap:
nmap --script ssh2-enum-algos target.server.com
Or test locally with:
ssh -vv -o KexAlgorithms=diffie-hellman-group1-sha1 localhost
This should fail with "no matching key exchange method found" if configured correctly.
For legacy clients that absolutely require SHA1, consider creating a restricted SSH entry point with:
# Separate config (e.g. /etc/ssh/sshd_config_legacy, started with: sudo sshd -f /etc/ssh/sshd_config_legacy). KexAlgorithms is not allowed inside a Match block, so limit access from 192.168.1.100 with the firewall instead.
Port 2222
PidFile /run/sshd-legacy.pid
KexAlgorithms +diffie-hellman-group14-sha1
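As an added example covering the verification steps in both answers above (it is not code posted by either answerer): a small shell audit that checks the key exchange list an sshd actually offers, as printed by sshd -T, against a deny-list, and scans an sshd_config for a KexAlgorithms directive placed inside a Match block, which sshd -t rejects. The deny-list, the sample sshd -T output and the sample config are this example's own assumptions and constructed data, not output from a real host.

```shell
#!/usr/bin/env bash
# Added example, not code from either answer. Audits (1) the KEX list an sshd
# offers, as printed by `sshd -T`, and (2) an sshd_config for a KexAlgorithms
# directive inside a Match block (sshd -t rejects that). The deny-list is this
# example's own assumption: the 1024-bit group1 exchange plus the SHA-1 ones.

WEAK_KEX="diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1"

# weak_kex_in_list LIST
#   LIST is a comma-separated KEX list (the value part of a kexalgorithms line).
#   Prints each deny-listed algorithm present, one per line, in list order.
weak_kex_in_list() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r algo; do
        for weak in $WEAK_KEX; do
            if [ "$algo" = "$weak" ]; then
                printf '%s\n' "$algo"
            fi
        done
    done
}

# weak_kex_report
#   Reads `sshd -T` output on stdin. Exit 0 if no weak KEX is offered,
#   1 if some are (they are printed), 2 if no kexalgorithms line was found.
weak_kex_report() {
    local list weak
    list=$(awk 'tolower($1) == "kexalgorithms" { print $2 }')
    if [ -z "$list" ]; then
        echo "no kexalgorithms line in input" >&2
        return 2
    fi
    weak=$(weak_kex_in_list "$list")
    if [ -n "$weak" ]; then
        printf 'WEAK KEX still enabled:\n%s\n' "$weak"
        return 1
    fi
    echo "OK: no weak KEX offered"
}

# kex_in_match_block FILE
#   Prints "LINE: text" for every KexAlgorithms directive that appears after a
#   Match line in FILE (sshd -t would fail on it). Exit 1 if any were found.
kex_in_match_block() {
    awk '
        tolower($1) == "match" { in_match = 1 }
        in_match && tolower($1) == "kexalgorithms" { print NR ": " $0; bad = 1 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# --- constructed sample inputs (not captured from a real host) ---
SAMPLE_SSHD_T='port 22
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com'

# write_sample_config FILE: writes a config that puts KexAlgorithms inside Match.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Match Address 192.168.1.0/24
    KexAlgorithms +diffie-hellman-group1-sha1
EOF
}

# Demo on the samples; on a real host use:  sudo sshd -T | weak_kex_report
if ! printf '%s\n' "$SAMPLE_SSHD_T" | weak_kex_report; then
    echo "-> remove the listed algorithms from KexAlgorithms and reload sshd"
fi
sample_cfg=$(mktemp)
write_sample_config "$sample_cfg"
if ! kex_in_match_block "$sample_cfg"; then
    echo "-> KexAlgorithms cannot be scoped by Match; run a second sshd -f <config> instance"
fi
rm -f "$sample_cfg"
```

The report reads sshd -T rather than ssh -Q kex on purpose: ssh -Q lists what the binary can do, while sshd -T prints the effective server configuration, which is what a client will be offered. The Match check exists because both answers' legacy-endpoint snippets relied on a Match block, and sshd -t refuses that placement.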