Issue
What were you trying to do that didn't work?
In section 3.7.1, "Examples of opting out of system-wide crypto policies", we explain that the OpenSSH client can opt out of crypto policies:
To opt out of system-wide cryptographic policies for your OpenSSH client, perform one of the following tasks:
- For a given user, override the global ssh_config with a user-specific configuration in the ~/.ssh/config file.
- For the entire system, specify the cryptographic policy in a drop-in configuration file located in the /etc/ssh/ssh_config.d/ directory, with a two-digit number prefix smaller than 50, so that it lexicographically precedes the 50-redhat.conf file, and with a .conf suffix, for example, 49-crypto-policy-override.conf.
But this doesn't always work, in particular when wanting to get back SHA1, because SHA1 needs to also be enabled in OpenSSL.
See use case RHEL-19389.
Please provide the package NVR for which the bug is seen:
Security hardening Guide as of Dec 14, 2023