Secure Source Manager removes legacy SSH algorithms for enhanced security
Secure Source Manager has removed support for several legacy and insecure SSH algorithms to enhance security and address vulnerabilities. Clients must now support modern algorithms like curve25519-sha256 for key exchange and chacha20-poly1305 for ciphers to connect via SSH. Users with outdated SSH clients may be unable to connect and are advised to update.
Breaking changes (1) ›
- Secure Source Manager
To enhance security and address potential vulnerabilities (such as GHSA-3m6q-h5gj-7mrw), the Secure Source Manager Git-over-SSH server configuration has removed support for several legacy and insecure SSH algorithms. SSH clients must support one or more of the following modern algorithms to connect: Key Exchange Algorithms: curve25519-sha256 , diffie-hellman-group14-sha256 Ciphers: [email protected] , aes128-ctr , aes192-ctr,aes256-ctr , [email protected] , [email protected] MACs: [email protected] , hmac-sha2-256 Users with old or non-standard SSH clients lac
https://docs.cloud.google.com/release-notes#May_28_2026