Hello list, regarding the known weaknesses of SHA-1, wouldn't it be a better choice to omit "diffie-hellman-group14-sha1" and "diffie-hellman-group-exchange-sha1" in KexAlgorithms setting for OpenSSH (Listing 2.10 through 2.12)? Thanks, Henning