Configuring MACs

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config file:

MACs                hmac-sha1,hmac-md5

The system attempts to use the HMAC algorithms in the order in which they are specified on the line. The supported MAC names are the following:

hmac-md5        hmac-sha2-256            hmac-sha384@ssh.com
hmac-md5-96     hmac-sha256-2@ssh.com    hmac-sha2-512
hmac-sha1       hmac-sha224@ssh.com      hmac-sha512@ssh.com
hmac-sha1-96    hmac-sha256@ssh.com

Special values for this option are the following:

  • Any: allows all the MAC values including none

  • AnyStd: allows only those MACs mentioned in the IETF Secsh draft (hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512) and none

  • none: means that no cryptographic data integrity method is used

  • AnyMac: the same as Any but excludes none

  • AnyStdMac: the same as AnyStd but excludes none

The default MAC algorithms are: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha256-2@ssh.com, hmac-sha224@ssh.com, hmac-sha256@ssh.com, hmac-sha384@ssh.com, hmac-sha2-512, and hmac-sha512@ssh.com.
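
The special values can admit more algorithms than a MACs line appears to list. The following added example (not part of the product documentation or vendor code) expands a MACs setting using the definitions on this page and reports the entries a stricter policy would reject. The '#' comment syntax, the first-match handling of repeated MACs lines, and the policy itself (reject none, MD5-based MACs and 96-bit truncated MACs) are assumptions of the example.

```python
import re

# MAC names, special values and defaults exactly as listed on this page.
SUPPORTED = [
    "hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
    "hmac-sha2-256", "hmac-sha256-2@ssh.com", "hmac-sha224@ssh.com",
    "hmac-sha256@ssh.com", "hmac-sha384@ssh.com", "hmac-sha2-512",
    "hmac-sha512@ssh.com",
]
STD = ["hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
       "hmac-sha2-256", "hmac-sha2-512"]
# The page's default list equals the supported list minus the two MD5 MACs.
DEFAULT = [m for m in SUPPORTED if "md5" not in m]
SPECIAL = {"any": SUPPORTED + ["none"], "anystd": STD + ["none"],
           "anymac": SUPPORTED, "anystdmac": STD}

def effective_macs(config_text):
    """Return the ordered MAC list a config allows, expanding special values."""
    value = None
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        m = re.match(r"macs\s+(\S.*)$", line, re.I)
        if m and value is None:                # assumption: first MACs line wins
            value = m.group(1)
    if value is None:
        return list(DEFAULT)                   # no MACs line: defaults apply
    macs = []
    for token in (t.strip() for t in value.split(",") if t.strip()):
        for name in SPECIAL.get(token.lower(), [token]):
            if name not in macs:
                macs.append(name)
    return macs

def audit(config_text):
    """Map each allowed MAC that the assumed policy rejects to a reason."""
    findings = {}
    for name in effective_macs(config_text):
        if name == "none":
            findings[name] = "no integrity protection"
        elif name not in SUPPORTED:
            findings[name] = "not a MAC name listed on this page"
        elif "md5" in name:
            findings[name] = "MD5-based"
        elif name.endswith("-96"):
            findings[name] = "tag truncated to 96 bits"
    return findings

# Constructed sample fragment, not taken from a real server.
SAMPLE = "# constructed sample\nMACs    AnyStd,hmac-sha256@ssh.com\n"
if __name__ == "__main__":
    print(effective_macs(SAMPLE), audit(SAMPLE), sep="\n")
```

Run against the sample, the audit shows that AnyStd silently admits none along with both MD5 variants, which is not visible from the configuration line itself.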


 

 