OpenSSH to drop support for SSH-1 authentication, disables SSH-RSA public key


OpenSSH to deprecate SHA-1 based encryption, disable SSH-RSA public key signature algorithm

You will no longer be able to use the SHA-1 based encryption or SSH-RSA public key in the future. This was divulged by OpenSSH today when they announced plans to drop support for its SHA-1 authentication scheme.

The SSH-1 and SSH-RSA public key are managed by OpenSSH. OpenSSH aka OpenBSD Secure Shell is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client-server architecture. In layman terms, it provides utility for connecting to and managing remote servers.

OpenSSH stated today that the SHA-1 hashing algorithm was no longer viable as an secure encryption. SHA-1 had been under notice since 2017 when Google engineers and cryptographers discovered SHAttered technique that could make two different files appear as they had the same SHA-1 file signature. When the Google cryptographers disclosed the vulnerability, creating same SHA-1 file signature was considered an expensive prospect for cybercriminals, and OpenSSH continued supporting it. However, in two years’ time, the costs have come down considerably. Research indicates new methods for SHA-1 chosen-prefix collision attack cost under $50,000 today.

OpenSSH feels that the $50,000 price to break this encryption is very less considering how state-sponsored hackers are competing with each other to generate an SSH authentication key that grants them remote and undetected access to critical enemy servers.

OpenSSH decides to disable “SSH-RSA” permanently

OpenSSH also decided to disable the SSH-RSA public key signature algorithm from its next release. This means death for the SSH-RSA public key. The OpenSSH app uses the “SSH-RSA” mode to generate SSH authentication keys. One of these keys is stored on the server a user wants to log in, and the other is stored in the user’s local OpenSSH client, allowing users to access servers without having to enter their passwords on every login, presenting the local authentication key instead. These keys are generated using the SHA-1 hashing function. Since the SHA-1 is now being deprecated, Also since the SHA-1 is at risk using the SHAterred attack means ultimately the SSH-RSA keys could be easily duplicated.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.


The OpenSSH has now recommended the following modes:

rsa-sha2-256/512 (supported since OpenSSH 7.2), ssh-ed25519 (supported since OpenSSH 6.5) or ecdsa-sha2-nistp256/384/521 (supported since OpenSSH 5.7)

If you use any of the above two encryption methods, you should check the OpenSSH 8.3 changelog for details.


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments