Warning ssh-rsa algorithm is disabled

Hello.

I have a strange warning on my /var/log/messages:

“main: sshd: ssh-rsa algorithm is disabled”

I changed my ssh keys but the warning continue to appear.

I don’t know how to stop it (I’m using ecdsa keys)

Do you have any information ?

Hey there!

This message shows up in the OpenSSH log because SHA-1 is basically nearly fully disabled. So that’s a security measure.

Could this be your answer?
https://undeadly.org/cgi?action=article;sid=20210830113413

I know that it’s disabled but the message pop like every second in my log, really annoying.

So I just want to disable it, or reduce the frequency

Nov 16 14:49:47 neurozone sshd[14783]: main: sshd: ssh-rsa algorithm is disabled
Nov 16 14:49:47 neurozone sshd[14785]: main: sshd: ssh-rsa algorithm is disabled
Nov 16 14:49:47 neurozone sshd[14787]: main: sshd: ssh-rsa algorithm is disabled
Nov 16 14:49:47 neurozone sshd[14789]: main: sshd: ssh-rsa algorithm is disabled

I can’t find the reference about how those is implemented right now, but in short it’s… as soon as SHA-1 is not available anymore (done by default on EL 9 in the crypto-policies) ssh-rsa gets disabled, but that mostly doesn’t matter nowadays

yup, but 4 messages every second is too much

I’m not aware of any config parameter to disable that :thinking:

Hm thinking of it, could it be that shows up when the client tries to access via ssh-rsa instead of ssh-ed25519 or something else?

1 Like

I had the same question.
I currently have only one ssh connection to the server with an ecdsa key (I removed all the old keys, and recreate only one new ecdsa key)

So I doubt it

Mmmm

Found it…

My server is under attack from hackers.
they try to login on it.

1 Like

Well good that it’s secure enough so they don’t come through, good luck! :slightly_smiling_face:

login only by ssh key protected by password so…Yes
Need to find how to block full countries on firewalld.

Thank you for you help (I increased fail2ban mode for ssh)