SSH: Deprecation of Weak Algorithms as of IGEL Linux 10.04.100

As of IGEL Linux 10.04.100 certain older, less secure algorithms are deprecated in both the SSH client and server.

The following table shows the algorithms enabled by default as of IGEL Linux version 10.04.100.

Key exchange algorithms

  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp521
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp256
  • diffie-hellman-group-exchange-sha256

Message authentication codes (MACs)

  • hmac-sha2-512-etm@openssh.com
  • hmac-sha2-256-etm@openssh.com
  • umac-128-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-256
  • umac-128@openssh.com

Host keys

  • ssh-ed25519-cert-v01@openssh.com
  • ssh-rsa-cert-v01@openssh.com
  • ssh-ed25519
  • ssh-rsa
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp521
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp256

If you need to enable weaker algorithms, see Enable Weaker Algorithms in the SSH client and/or Enable Weaker Algorithms in the Built-in OpenSSH Server.