Add hmac-sha2-256 MAC support #365

Closed
wants to merge 1 commit into
from

Projects

None yet

3 participants

@dagwieers

This small patch adds hmac-sha2-256 support to paramiko.

Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.

@dagwieers dagwieers Add hmac-sha2-256 MAC support
This small patch adds hmac-sha2-256 support to paramiko.

Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
c59d755
@dagwieers dagwieers added a commit to dagwieers/paramiko that referenced this pull request Jul 25, 2014
@dagwieers dagwieers Add hmac-sha2-512 MAC support
This small patch adds hmac-sha2-512 support to paramiko, like #365.

Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
e89bfe3
@dagwieers dagwieers changed the title from Add hmac-sha2-256 MAC support to Add hmac-sha2-256 and hmac-sha2-512 MAC support Jul 25, 2014
@zamiam69
Contributor

Does this also work with an openssh server? EtiennePerot and ashb worked also on this problem and implemented also the corresponding key group exchanges. In the end they reported that they could still not connect to openssh servers. I tried their patches and only got it working when I also changed the hash algorithm in transport.py, cf. #356

@dagwieers

Only sha2-256 seems to work in my implementation, we have a similar issue with sha2-512 in the phpseclib project, although some have reported success with a specific version of Ubuntu+OpenSSH.

@dagwieers dagwieers changed the title from Add hmac-sha2-256 and hmac-sha2-512 MAC support to Add hmac-sha2-256 MAC support Jul 29, 2014
@bitprophet
Member

This looks like a duplicate of #341, sorry! Closing in favor of that one.

@bitprophet bitprophet closed this Aug 9, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment