SHA-1 (deprecated)

Disabled in OpenSSH 8.8 September 2021

Attacks

Certificates are at special risk to the aforementioned SHA1 collision vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief LoginGraceTime window that they have to forge a host key signature.

SHA, SHA-0, SHA-1, SHA-2, SHA-3, SHA-256, shasum, sha1sum, sha256sum, sha512sum
OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF

SHA-1 (deprecated)

Attacks

See also

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools