The developers of the OpenSSH implementation of Secure Shell have announced their intention to drop support for SHA-1 in a ‘near future release.’ OpenSSH is used by millions of system administrators to securely access networked systems. OpenSSH supports various encryption algorithms and the decision to drop support for SHA-1 comes as recent research demonstrates it is now possible to effectively attack the digital signatures created by SHA-1.
In the release notes the developers state:
It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the “ssh-rsa” public key signature algorithm by default in a near-future release.
This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.
The potential challenge for system administrators is the existence of legacy network devices that cannot be easily updated including: industrial control systems and even devices such as ATM cash machines which require SHA-1 support to protect their SSH encryption keys.
When the updated OpenSSH client arrives in the near future it will refuse to connect to these legacy devices (if they require SHA-1) meaning administrators need to plan now to identify and upgrade these devices or make provision to securely retain a legacy OpenSSH environment.