Configuring MACs

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config file:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. The supported MAC names are the following:

Special values for this option are the following:

  • Any: includes all supported MACs plus none.

  • AnyStd: includes MACs from the IETF SSH standards (hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512) and none.

  • none: means that no cryptographic data integrity method is used.

  • AnyMac: the same as Any but excludes none.

  • AnyStdMac: the same as AnyStd but exludes none.

The default MAC algorithms are: hmac-sha1, hmac-sha1-96, hmac-sha2-256,,,,, hmac-sha2-512, and