New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add hmac-sha2-256 to the list of supported macs #341

wants to merge 2 commits into
base: master


None yet
4 participants

ashb commented May 30, 2014

Similar to the work in #161 and #164 but simpler.

I have tested this with a demos/ and the following ssh command line on OSX:

ssh -l robey -o 'MACs=hmac-sha2-256' -vvv -p 2200 localhost

It connects and auths okay.

I tried to add hmac-sha2-512 as well but this has kex problems that I didn't
want to dig into here


This comment has been minimized.

coveralls commented May 30, 2014

Coverage Status

Coverage decreased (-0.06%) when pulling f355ba0 on ashb:hmac-sha2-sha256 into e811e71 on paramiko:master.


This comment has been minimized.

gertvdijk commented Jun 26, 2014

👍 I was wondering why I wasn't able to use Paramiko with my OpenSSH servers. Appears Paramiko is lacking support for "better" MACs, since I've restricted this to SHA-2 (and AES-GCM for more recent OpenSSH servers). Would be great to have support for SSH servers with older MACs disabled as a security policy.

E.g. OpenSSH 6.0+ with the following set in sshd_config:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512

This comment has been minimized.


bitprophet commented Aug 8, 2014

Thanks! Feels related to #161 too. Labeling for followup.

@bitprophet bitprophet added Feature and removed Keys labels Aug 8, 2014


This comment has been minimized.


bitprophet commented Aug 9, 2014

And then I find #356 which extends this even further. Closing/consolidating, will make sure to give credit in changelog however. Thanks!

@bitprophet bitprophet closed this Aug 9, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment