SSHD HMAC Configuration


The man page says so. Why don't you just try it out? Set up an SSH server somewhere, with that configuration, and connect to it from another machine with ssh -vv: the debug log will show the list of MAC algorithms advertised as supported by the server.

(I read your last sentence as: "I know this is stupid but I don't want to discuss it", which I further interpret as "I am looking for the fastest way to shut some dumb auditors up".)
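Automating the check the answer describes, as an added example (not code from the original post): the first function pulls the MAC list the server advertises out of `ssh -vv` output and reports any 96-bit or MD5 entries, the second builds a MACs value for sshd_config with those entries removed. It assumes the current OpenSSH client format, where the server's proposal appears under "peer server KEXINIT proposal" with "MACs ctos:"/"MACs stoc:" lines; the sample debug lines and the starting MACs list are constructed.

```shell
#!/bin/sh
# Added example: find weak MACs an sshd advertises (from `ssh -vv` output)
# and build a MACs line for sshd_config without 96-bit or MD5 HMACs.
# Assumption: the client prints the server's proposal under
# "peer server KEXINIT proposal" with "MACs ctos:"/"MACs stoc:" lines
# (current OpenSSH format; older clients label these lines differently).

# What the question wants gone: any *-96 HMAC (with or without the
# -etm@openssh.com suffix) and anything MD5-based.
WEAK_MAC_RE='-96(-etm@openssh.com)?$|md5'

# Read `ssh -vv user@host` output on stdin; print the weak MACs the SERVER
# advertised, one per line, sorted. The client's own proposal is ignored.
weak_server_macs() {
  LC_ALL=C awk -v re="$WEAK_MAC_RE" '
    /peer server KEXINIT proposal/  { in_server = 1; next }
    /local client KEXINIT proposal/ { in_server = 0; next }
    in_server && /MACs (ctos|stoc):/ {
      sub(/.*MACs (ctos|stoc): */, "")
      n = split($0, macs, ",")
      for (i = 1; i <= n; i++) if (macs[i] ~ re) weak[macs[i]] = 1
    }
    END { for (m in weak) print m }
  ' | LC_ALL=C sort
}

# Take a comma-separated MACs value, drop the weak entries and keep the
# original order, so the result can go straight into sshd_config.
filter_macs() {
  printf '%s\n' "$1" | tr ',' '\n' | grep -Ev -- "$WEAK_MAC_RE" | paste -s -d , -
}

# Constructed sample of `ssh -vv` output (not a real capture).
SAMPLE_SSH_VV='debug2: local client KEXINIT proposal
debug2: MACs ctos: hmac-md5,hmac-sha2-256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha1-96,hmac-md5-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256,hmac-md5-96,hmac-sha1-96'

echo "Weak MACs advertised by the server:"
printf '%s\n' "$SAMPLE_SSH_VV" | weak_server_macs

# Constructed starting list in the style of an OpenSSH default; emit a
# hardened directive from it.
DEFAULT_MACS='hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-96'
printf 'MACs %s\n' "$(filter_macs "$DEFAULT_MACS")"
```

The filter only removes what the question names, so 64-bit UMAC entries (umac-64) pass through; drop them as well if the scanner flags short tags generally.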


Author: John

Just a random person looking for ways to expand my knowledge and passion for technology.

Updated on September 18, 2022

Comments

  • John, almost 2 years

    I have read and understand the posting from here, https://security.stackexchange.com/questions/39756/secure-configuration-of-ciphers-macs-kex-available-in-ssh. However, I would like to know what the /etc/sshd_config configuration would look like should I want to accomplish the following goals:

    • Disable any 96-bit HMAC Algorithms
    • Disable any MD5-based HMAC Algorithms

    Would it be the following?

    MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected],hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-ripemd160

    Note that this question is looking for the configuration setting(s) needed; and not reasons, rationale, or discussion of why this may or may not be a good idea.

  • John, over 10 years
    Yes, this is due to some audits being performed where the network based vulnerability scanner is showing vulnerabilities for "SSH Insecure HMAC Algorithms Enabled." I am looking for a configuration that will satisfy their scans.
  • pdu, over 9 years
    Sounds like nessus. I was just playing around with this, thanks for that!
  • Smithers, over 9 years
    man pages are most useful to those who already know how it works (it being whatever the man page is about)... so the "RTFM" portion of the answer isn't terribly helpful.