Your browser does not allow storing cookies. We recommend enabling them.


Configuring MACs

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config file:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. The supported MAC names are the following:

Special values for this option are the following:

  • Any: allows all the MAC values including none

  • AnyStd: allows only those MACs mentioned in the IETF SecSh draft (hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96) and none

  • none: means that no cryptographic data integrity method is used

  • AnyMac: the same as Any but excludes none

  • AnyStdMac: the same as AnyStd but exludes none

The default MAC algorithms are: hmac-sha1, hmac-sha1-96,,,,, and




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now