Dell Networking: OS10 weak ssh-rsa algorithm

Summary: The issue is a weak ssh-rsa algorithm detected by nmap on Dell’s S4148F-ON switch running firmware version 10.5.6.6. Customers reported this vulnerability and requested a solution to disable the weak algorithm. The security team confirmed that ssh-rsa is still supported in OpenSSH for backward compatibility but recommended removing it from the default list. ...


Symptoms

  • The Nmap scan tool detects that the weak ssh-rsa algorithm is in use.
  • The customer is unable to find the OS10 command to disable the algorithm.

Cause

The root cause is the presence of the ssh-rsa algorithm in the server's list of supported host key algorithms. This algorithm is considered weak and vulnerable.

Resolution

Fix Version: The target release for the fix is 10.6.0.2.

Workaround: Customers can use stronger host key algorithms like rsa-sha2-512 and ssh-ed25519.

Next Steps: Extend the ip ssh server CLI with a HostKeyAlgorithms option to configure the default algorithm.

Sample Logs

nmap --script ssh2-enum-algos <switch ip address>
Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-25 11:47 IST
Nmap scan report for 100.104.93.82
Host is up (0.0034s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
ssh2-enum-algos: 
  kex_algorithms: (4) curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp384 kex-strict-s-v00@openssh.com
  server_host_key_algorithms: (5) ssh-rsa rsa-sha2-256 rsa-sha2-512 ecdsa-sha2-nistp256 ssh-ed25519
  encryption_algorithms: (2) aes256-ctr aes256-gcm@openssh.com
  mac_algorithms: (3) umac-128@openssh.com hmac-sha2-256 hmac-sha2-512
  compression_algorithms: (2) none zlib@openssh.com
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
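
One way to check scan output for this finding, before and after the fix, as an added example that is not part of the Dell article: a Python parser for the ssh2-enum-algos section that reports weak host key algorithms. The function names and the inclusion of ssh-dss in the weak set are assumptions of this example.

```python
import re

# Host key algorithms treated as weak. ssh-rsa is the one this article
# reports; ssh-dss is an assumption added for this example.
WEAK_HOST_KEY_ALGOS = {"ssh-rsa", "ssh-dss"}

# Constructed sample: part of the ssh2-enum-algos section from the scan above.
SAMPLE = """\
22/tcp open  ssh
ssh2-enum-algos: 
  kex_algorithms: (4) curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp384 kex-strict-s-v00@openssh.com
  server_host_key_algorithms: (5) ssh-rsa rsa-sha2-256 rsa-sha2-512 ecdsa-sha2-nistp256 ssh-ed25519
  encryption_algorithms: (2) aes256-ctr aes256-gcm@openssh.com
"""

# "<category>: (<count>)" header; raw nmap output prefixes lines with "|" or "|_".
HEADER = re.compile(r"^[|_\s]*(\w+_algorithms):\s*\((\d+)\)\s*(.*)$")


def parse_enum_algos(text):
    """Return {category: [algorithms]} from ssh2-enum-algos output.

    Handles names on the header line (as in this article) and nmap's
    native layout with one name per following line.
    """
    result, current, expected = {}, None, 0
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current, expected = m.group(1), int(m.group(2))
            result[current] = m.group(3).split()
            continue
        name = line.strip("|_ \t")
        # A continuation line holds one algorithm name for the open category.
        if current and name and " " not in name and len(result[current]) < expected:
            result[current].append(name)
        else:
            current = None
    return result


def weak_host_keys(text, weak=WEAK_HOST_KEY_ALGOS):
    """Return the offered host key algorithms that are in the weak set."""
    offered = parse_enum_algos(text).get("server_host_key_algorithms", [])
    return [a for a in offered if a in weak]


if __name__ == "__main__":
    print("weak host key algorithms offered:", weak_host_keys(SAMPLE))
```

An empty list from weak_host_keys on a fresh scan indicates that ssh-rsa is no longer offered as a server host key algorithm.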

[Screenshot: command-line NMAP output when used against an OS10 switch]

Article Properties
Article Number: 000275289
Article Type: Solution
Last Modified: 17 Sep 2025
Version:  2