Given the recent news about advances in causing SHA1 collisions, I think it's even more important for openssh to start not accepting known weak crypto (including sha1) by default.
https://sites.google.com/site/itstheshappening/ I don't see any upstream bugs about this. Should this bug be forwarded? Or maybe separate bugs should be filed for MD5, SHA1, NIST, etc? Thanks, -- Matt Taggart [email protected]
