Similar to the work in #161 and #164 but simpler.
I have tested this with a demos/demo_server.py and the following ssh command line on OSX:
ssh -l robey -o 'MACs=hmac-sha2-256' -vvv -p 2200 localhost
It connects and auths okay.
I tried to add hmac-sha2-512 as well but this has kex problems that I didn't
want to dig into here
Remove magic numbers in the test that relied on which mac/cipher was …
Add hmac-sha2-256 to list of supported HMACs
Coverage decreased (-0.06%) when pulling f355ba0 on ashb:hmac-sha2-sha256 into e811e71 on paramiko:master.
👍 I was wondering why I wasn't able to use Paramiko with my OpenSSH servers. Appears Paramiko is lacking support for "better" MACs, since I've restricted this to SHA-2 (and AES-GCM for more recent OpenSSH servers). Would be great to have support for SSH servers with older MACs disabled as a security policy.
E.g. OpenSSH 6.0+ with the following set in sshd_config:
Thanks! Feels related to #161 too. Labeling for followup.
And then I find #356 which extends this even further. Closing/consolidating, will make sure to give credit in changelog however. Thanks!