How to Disable SHA1 and Enable SHA2 for App Connector VM

Modified on Fri, 1 Dec, 2023 at 4:00 PM

TABLE OF CONTENTS

  • Product Details
  • Issue/ Problem
  • Impact
  • Solution
  • Best Practice
  • Summary


Product : Zscaler Private Access (ZPA) App Connector

Component : Zscaler Client App

Version : 2.8.17  Build No. : 152.2



Issue/ Problem :


The customer requests that SHA1 be disabled and SHA2 be enabled on the App Connector VM after vulnerability scanning.


Impact :

No impact. Security is increased because SHA2 is used.


Solution : 

Step 1:


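Open the file below and uncomment the CRYPTO_POLICY= line. Uncommenting it opts sshd out of the system-wide crypto policy, so the algorithm lists added to /etc/ssh/sshd_config in Step 2 take effect.


vi /etc/sysconfig/sshd


Uncomment:


CRYPTO_POLICY=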


Step 2:


Open the file below and append the following lines at the end of the file:


vi /etc/ssh/sshd_config


KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256


Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr


MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com


Step 3:


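Restart the SSH daemon, then list the supported key types and check the configuration file for errors:


systemctl restart sshd


sudo ssh -Q key

sudo sshd -t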
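
To confirm that no SHA-1 algorithm remains in the effective configuration after Step 3, the following check can be run over the output of `sshd -T`. It is an added example, not part of the original article; the function name `find_sha1_algos` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag SHA-1 based
# KexAlgorithms/MACs entries in `sshd -T` style output.

# Reads "keyword value" lines on stdin and prints "keyword algorithm"
# for every KEX or MAC algorithm whose name contains "sha1".
find_sha1_algos() {
    awk '
        { key = tolower($1) }
        key == "kexalgorithms" || key == "macs" {
            n = split($2, algos, ",")
            for (i = 1; i <= n; i++)
                if (algos[i] ~ /sha1/) print key, algos[i]
        }
    '
}

# Constructed sample: the effective settings after Step 2 of this article.
hardened_sample() {
    cat <<'EOF'
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
EOF
}

# Constructed sample: a configuration that still offers SHA-1 algorithms.
legacy_sample() {
    cat <<'EOF'
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
ciphers aes256-ctr
macs hmac-sha2-256,hmac-sha1
EOF
}

# Demo on the constructed samples. On the App Connector, run as root:
#   sshd -T | find_sha1_algos
echo "hardened sample:"; hardened_sample | find_sha1_algos
echo "legacy sample:";   legacy_sample | find_sha1_algos
```

Empty output means no SHA-1 based key exchange or MAC is offered. Because sshd uses the first value it reads for each keyword, an earlier KexAlgorithms, Ciphers or MACs line in sshd_config takes precedence over the appended ones, which is why the check reads the effective settings rather than the file.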


Summary : 

 Apply this method only when a customer requests remediation of SHA1 ciphers after vulnerability scanning.
