Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add hmac-sha2-256 MAC support #365

Closed
wants to merge 1 commit into from
Closed

Conversation

@dagwieers
Copy link

@dagwieers dagwieers commented Jul 25, 2014

This small patch adds hmac-sha2-256 support to paramiko.

Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.

This small patch adds hmac-sha2-256 support to paramiko.

Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
dagwieers added a commit to dagwieers/paramiko that referenced this pull request Jul 25, 2014
This small patch adds hmac-sha2-512 support to paramiko, like paramiko#365.

Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
@dagwieers dagwieers changed the title Add hmac-sha2-256 MAC support Add hmac-sha2-256 and hmac-sha2-512 MAC support Jul 25, 2014
@zamiam69
Copy link
Contributor

@zamiam69 zamiam69 commented Jul 28, 2014

Does this also work with an openssh server? EtiennePerot and ashb worked also on this problem and implemented also the corresponding key group exchanges. In the end they reported that they could still not connect to openssh servers. I tried their patches and only got it working when I also changed the hash algorithm in transport.py, cf. #356

@dagwieers
Copy link
Author

@dagwieers dagwieers commented Jul 28, 2014

Only sha2-256 seems to work in my implementation, we have a similar issue with sha2-512 in the phpseclib project, although some have reported success with a specific version of Ubuntu+OpenSSH.

@dagwieers dagwieers changed the title Add hmac-sha2-256 and hmac-sha2-512 MAC support Add hmac-sha2-256 MAC support Jul 29, 2014
@bitprophet
Copy link
Member

@bitprophet bitprophet commented Aug 9, 2014

This looks like a duplicate of #341, sorry! Closing in favor of that one.

@bitprophet bitprophet closed this Aug 9, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants