Add hmac-sha2-256 MAC support #365

Closed
dagwieers commented Jul 25, 2014

This small patch adds hmac-sha2-256 support to paramiko.

Some security standards now recommend disabling MD5 and SHA1 and using SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. It was also tested with RHEL5's OpenSSH 4.3p2, which doesn't include SHA2.
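
For context on what an `hmac-sha2-256` MAC entry has to do on the wire, here is an added example (not code from this pull request or from paramiko). It goes beyond the description above by also deriving the integrity key per RFC 4253 section 7.2 before computing the packet MAC per RFC 4253 section 6.4, using the RFC 6668 sizes. The function names and sample values are constructed, and SHA-1 is assumed as the key-exchange hash.

```python
import hashlib
import hmac
import struct

# name -> (hash, key length, tag length); sizes from RFC 4253 sec. 6.4 and RFC 6668
SSH_MACS = {
    "hmac-md5": (hashlib.md5, 16, 16),
    "hmac-sha1": (hashlib.sha1, 20, 20),
    "hmac-sha2-256": (hashlib.sha256, 32, 32),
    "hmac-sha2-512": (hashlib.sha512, 64, 64),
}

def mpint(n):
    """SSH mpint encoding (RFC 4251) of a non-negative integer."""
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b""
    return struct.pack(">I", len(raw)) + raw

def derive_mac_key(kex_hash, K, H, session_id, letter, mac_name):
    """RFC 4253 sec. 7.2: HASH(K || H || letter || session_id), extended with
    HASH(K || H || key_so_far) until the MAC's key length is reached."""
    key_len = SSH_MACS[mac_name][1]
    k = mpint(K)
    out = kex_hash(k + H + letter + session_id).digest()
    while len(out) < key_len:  # a 20-byte SHA-1 output is too short for a 32-byte key
        out += kex_hash(k + H + out).digest()
    return out[:key_len]

def compute_mac(mac_name, key, seqno, packet):
    """RFC 4253 sec. 6.4: MAC(key, uint32 sequence_number || unencrypted_packet)."""
    digestmod = SSH_MACS[mac_name][0]
    msg = struct.pack(">I", seqno & 0xFFFFFFFF) + packet
    return hmac.new(key, msg, digestmod).digest()

def verify_mac(mac_name, key, seqno, packet, tag):
    """Constant-time check of a received tag."""
    return hmac.compare_digest(compute_mac(mac_name, key, seqno, packet), tag)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real session.
    K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
    H = hashlib.sha1(b"constructed exchange hash").digest()
    key = derive_mac_key(hashlib.sha1, K, H, H, b"E", "hmac-sha2-256")  # "E": client-to-server
    # Constructed SSH_MSG_IGNORE packet: length 12, padding 4, payload, zero padding
    packet = b"\x00\x00\x00\x0c\x04\x02\x00\x00\x00\x02hi" + b"\x00" * 4
    tag = compute_mac("hmac-sha2-256", key, 3, packet)
    print(len(key), tag.hex(), verify_mac("hmac-sha2-256", key, 3, packet, tag))
```

Because the sequence number is part of the MAC input, a packet replayed at a different position in the stream fails verification even though its bytes are unchanged.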


dagwieers added a commit to dagwieers/paramiko that referenced this pull request Jul 25, 2014

Add hmac-sha2-512 MAC support
This small patch adds hmac-sha2-512 support to paramiko, like paramiko#365.

Some security standards now recommend disabling MD5 and SHA1 and using SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. It was also tested with RHEL5's OpenSSH 4.3p2, which doesn't include SHA2.

@dagwieers dagwieers changed the title from Add hmac-sha2-256 MAC support to Add hmac-sha2-256 and hmac-sha2-512 MAC support Jul 25, 2014

Contributor

zamiam69 commented Jul 28, 2014

Does this also work with an OpenSSH server? EtiennePerot and ashb also worked on this problem and also implemented the corresponding key group exchanges. In the end they reported that they still could not connect to OpenSSH servers. I tried their patches and only got it working when I also changed the hash algorithm in transport.py, cf. #356

dagwieers commented Jul 28, 2014

Only sha2-256 seems to work in my implementation. We have a similar issue with sha2-512 in the phpseclib project, although some have reported success with a specific version of Ubuntu+OpenSSH.

@dagwieers dagwieers changed the title from Add hmac-sha2-256 and hmac-sha2-512 MAC support to Add hmac-sha2-256 MAC support Jul 29, 2014

Member

bitprophet commented Aug 9, 2014

This looks like a duplicate of #341, sorry! Closing in favor of that one.

@bitprophet bitprophet closed this Aug 9, 2014
