Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH

Configuring MACs

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config file:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. The supported MAC names are the following:

hmac-md5hmac-sha2-256hmac-sha384@ssh.com
hmac-md5-96hmac-sha256-2@ssh.comhmac-sha2-512
hmac-sha1hmac-sha224@ssh.comhmac-sha512@ssh.com
hmac-sha1-96hmac-sha256@ssh.com

Special values for this option are the following:

  • Any: includes all supported MACs plus none.

  • AnyStd: includes MACs from the IETF SSH standards (hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512) and none.

  • none: means that no cryptographic data integrity method is used.

  • AnyMac: the same as Any but excludes none.

  • AnyStdMac: the same as AnyStd but exludes none.

The default MAC algorithms are: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha256-2@ssh.com, hmac-sha224@ssh.com, hmac-sha256@ssh.com, hmac-sha384@ssh.com, hmac-sha2-512, and hmac-sha512@ssh.com.

===AUTO_SCHEMA_MARKUP===