Jump to content

Enable and Disable SHA1 algorithm on your system CentOS Stream 9/AlmaLinux 9/RockyLinux 9

Recommended Posts

Today we’ll learn How to enable or Disable SHA1 system-wide cryptographic policy and why we’re disabling SHA-1? because SHA-1 hash function has an inherently weak design, and advancing cryptanalysis has made it vulnerable to attacks, Centos/RHEL 8 and Centos/RHEL 9 does not use SHA-1 by default. Nevertheless, some third-party applications, for example, public signatures, still use SHA-1.

To disable the use of SHA-1 in signature algorithms on your system, you can use the NO-SHA1 policy module.


update-crypto-policies --set DEFAULT:NO-SHA1

And reboot the system to apply it systemwide.

In the internet there are thousands or lakhs of devices still uses SHA-1 Algorithm Like older OS for example Centos 6 peoples are still using it due to very light in resources and there old applications are still running there. From This old OS if you’re trying to connect to a modern OS like EL9/centos 9 for example with SSH you’ll get error like below :

no hostkey alg

If you check the error massage in modern OS it will show like below :


Unable to negotiate with port 43614: no matching host key type found. Their offer: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss [preauth]
** this is happening because the latest version of openssh has dropped the support for SHA1.

To fix this you need to enable SHA-1 algorithm in your modern OS for example in EL9/Centos 9 :

Run the below command to enable SHA-1

update-crypto-policies --set DEFAULT:SHA1

That’s it you’ve enabled System-wide crypto policy to enable SHA1 a system reboot will also recommended after enabling SHA1

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...