Steps to Disable Kex Algorithm

  1. Run command: nmap --script ssh2-enum-algos -p 22 <ip address>
    Note: Replace <ip address> in the command with the actual IP.
    The output will show the deprecated algorithm diffie-hellman-group1-sha1 as active. Refer to the following image.
  2. Run command: sudo vi /etc/ssh/sshd_config
    1. The sshd_config file will open.
      Note: Make sure the file contains a KexAlgorithms list and that the list does not include the diffie-hellman-group1-sha1 entry.
      Note: The reference text used in the above image is:
      KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
    2. Save the changes and exit from the file.
  3. Run command: sudo systemctl restart sshd
  4. Execute command: nmap --script ssh2-enum-algos -p 22 <ip address>
    Note:
    1. Replace <ip address> with the actual IP.
    2. Confirm that diffie-hellman-group1-sha1 is disabled. Refer to the following image.
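
The check in step 2 can be scripted so the file is audited before sshd is restarted. The following is an added example, not part of the original procedure: the function name check_kex and its return codes are this example's own, and it relies on sshd_config's '+', '-' and '^' list modifiers and first-occurrence-wins keyword handling.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit the KexAlgorithms
# directive in an sshd_config file for diffie-hellman-group1-sha1.
WEAK_KEX="diffie-hellman-group1-sha1"

# check_kex FILE
#   returns 0: weak KEX is excluded by an explicit list or a '-' entry
#   returns 1: weak KEX is enabled explicitly (plain list, '+' or '^')
#   returns 2: outcome depends on the sshd build's default list
check_kex() {
    local file="$1" line value list
    # Keywords are case-insensitive and the first occurrence wins;
    # commented-out lines do not match the anchored pattern.
    line=$(grep -iE '^[[:space:]]*KexAlgorithms[[:space:]=]' "$file" | head -n 1)
    if [ -z "$line" ]; then
        echo "no KexAlgorithms directive: build defaults apply"
        return 2
    fi
    # Drop the keyword, the optional '=', quotes, and trailing whitespace.
    value=$(printf '%s\n' "$line" |
        sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]]*=?[[:space:]]*//; s/"//g; s/[[:space:]]+$//')
    list=${value#[-+^]}   # algorithm names without the leading modifier
    case "$value" in
        -*) # '-' removes names from the defaults (wildcards not expanded here)
            case ",$list," in
                *",$WEAK_KEX,"*) echo "$WEAK_KEX removed from defaults"; return 0 ;;
                *) echo "'-' list does not name $WEAK_KEX"; return 2 ;;
            esac ;;
        [+^]*) # '+' and '^' extend the default list
            case ",$list," in
                *",$WEAK_KEX,"*) echo "$WEAK_KEX explicitly added"; return 1 ;;
                *) echo "defaults still apply"; return 2 ;;
            esac ;;
        *)  # plain list: only the named algorithms are offered
            case ",$list," in
                *",$WEAK_KEX,"*) echo "$WEAK_KEX listed in KexAlgorithms"; return 1 ;;
                *) echo "explicit list without $WEAK_KEX"; return 0 ;;
            esac ;;
    esac
}
```

Call it as check_kex /etc/ssh/sshd_config after saving the file. Running sudo sshd -t before the restart in step 3 catches syntax errors in the edited file while the current SSH session is still open.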