The MAC (Message Authentication Code) algorithm(s) used for data integrity
verification can be selected in the sshd2_config
file:
MACs hmac-sha1,hmac-md5
The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. The supported MAC names are the following:
hmac-md5 | hmac-sha1-96 | hmac-sha256@ssh.com |
hmac-md5-96 | hmac-sha256-2@ssh.com | hmac-sha384@ssh.com |
hmac-sha1 | hmac-sha224@ssh.com | hmac-sha512@ssh.com |
Special values for this option are the following:
Any
: allows all the MAC values including
none
AnyStd
: allows only those MACs mentioned in the
IETF SecSh draft (hmac-md5
,
hmac-md5-96
, hmac-sha1
, hmac-sha1-96
) and
none
none
: means that no cryptographic data integrity method
is used
The default MAC algorithms are: hmac-sha1
,
hmac-sha1-96
, hmac-sha256-2@ssh.com
,
hmac-sha224@ssh.com
, hmac-sha256@ssh.com
,
hmac-sha384@ssh.com
, and hmac-sha512@ssh.com
.