Add hmac-sha2-256 MAC support #365
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This small patch adds hmac-sha2-256 support to paramiko. Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
dagwieers
added a commit
to dagwieers/paramiko
that referenced
this pull request
Jul 25, 2014
This small patch adds hmac-sha2-512 support to paramiko, like paramiko#365. Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
dagwieers
changed the title
|
Does this also work with an openssh server? EtiennePerot and ashb worked also on this problem and implemented also the corresponding key group exchanges. In the end they reported that they could still not connect to openssh servers. I tried their patches and only got it working when I also changed the hash algorithm in transport.py, cf. #356 |
|
Only sha2-256 seems to work in my implementation, we have a similar issue with sha2-512 in the phpseclib project, although some have reported success with a specific version of Ubuntu+OpenSSH. |
dagwieers
changed the title
|
This looks like a duplicate of #341, sorry! Closing in favor of that one. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This small patch adds hmac-sha2-256 support to paramiko.
Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.