Recent versions of Termius support the SHA-2 algorithm, a secure alternative to SHA-1.
The SHA-1 algorithm can't be considered secure: since 2020, it's possible to perform chosen-prefix attacks against SHA-1 for less than USD$50K. It is why SHA-1 will be deprecated in one of the next versions of OpenSSH.
OpenSSH added support for SHA-2 in 2016 in OpenSSH 7.2, and since then SHA-2 has been used by default. As of now, SHA-1 is used when the client doesn't support SHA-2 or when SHA-2 is enforced, which can be done like so:
- For OpenSSH version 8.5 and newer
AuthenticationMethods publickey PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256
- For OpenSSH version prior 8.5
AuthenticationMethods publickey PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256
Termius supports SHA-2 (rsa-sha2-256/512) starting from:
- Termius for the desktop 7.12.0,
- Termius for iOS 4.8.3,
- Termius for Android 5.3.1.
The following algorithms are also good alternatives to SHA-1: ssh-ed25519, ecdsa-sha2-nistp256/384/521.
To stay secure and protect your server infrastructure, we recommend updating your OpenSSH servers and Termius apps or using ed25519 or ecdsa keys for authentication.
Add comment
Please sign in to leave a comment.