The ssh client hmac command configures an HMAC algorithm list for an SSH client.
The undo ssh client hmac command restores the default configuration.
By default, an SSH client supports all HMAC algorithms.
ssh client hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 } *
undo ssh client hmac
| Parameter | Description | Value |
|---|---|---|
| md5 | Adds the HMAC MD5 algorithm to an HMAC algorithm list. | - |
| md5_96 | Adds the HMAC MD5_96 algorithm to an HMAC algorithm list. | - |
| sha1 | Adds the HMAC SHA1 algorithm to an HMAC algorithm list. | - |
| sha1_96 | Adds the HMAC SHA1_96 algorithm to an HMAC algorithm list. | - |
| sha2_256 | Adds the HMAC SHA2_256 algorithm to an HMAC algorithm list. | - |
| sha2_256_96 | Adds the HMAC SHA2_256_96 algorithm to an HMAC algorithm list. | - |
Usage Scenario
An SSH server and a client need to negotiate an HMAC algorithm for the packets exchanged between them. You can run the ssh client hmac command to configure an HMAC algorithm list for an SSH client. After the list is configured, the client sends a packet carrying it to the server. Upon receipt of the packet, the server matches the list against the local list and selects the first HMAC algorithm that matches the local list. If no HMAC algorithms in the list of the client match the local list, the negotiation fails.
Precautions
sha2_256 provides the highest security, followed by sha2_256_96, sha1, sha1_96, md5, and md5_96 in order.
Do not add sha2_256_96, sha1, sha1_96, md5, or md5_96 to the HMAC algorithm list because they provide the lowest security among the supported HMAC algorithms. The sha2_256 HMAC algorithm has been added to the list in the factory configuration file.
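The negotiation described under Usage Scenario and the advice under Precautions, modelled as an added example (not vendor code, and not part of the original page). The function names are hypothetical, the client and server lists are constructed, and the model assumes that lists are ordered by preference and that the first match is taken in the client's order, as RFC 4253 section 7.1 specifies.

```python
"""Model of SSH HMAC negotiation using the keywords of `ssh client hmac`."""

# Strongest to weakest, as ranked in the Precautions section.
RANKING = ["sha2_256", "sha2_256_96", "sha1", "sha1_96", "md5", "md5_96"]
RECOMMENDED = {"sha2_256"}  # the only keyword the page does not advise against


def parse_client_hmac(command):
    """Return the keyword list from an `ssh client hmac ...` line."""
    tokens = command.split()
    if tokens[:3] != ["ssh", "client", "hmac"] or len(tokens) < 4:
        raise ValueError("not an 'ssh client hmac' command: %r" % command)
    unknown = [t for t in tokens[3:] if t not in RANKING]
    if unknown:
        raise ValueError("unknown HMAC keyword(s): %s" % ", ".join(unknown))
    return tokens[3:]


def negotiate(client_list, server_list):
    """First entry of the client's list that the server also supports.

    Assumption: client preference order decides, as in RFC 4253 section 7.1.
    Returns None when nothing matches, i.e. the negotiation fails.
    """
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def audit(client_list):
    """Keywords in the list that the Precautions section says not to add."""
    return [alg for alg in client_list if alg not in RECOMMENDED]


if __name__ == "__main__":
    # Constructed sample data: two client configurations and two server lists.
    permissive = parse_client_hmac("ssh client hmac md5 sha1 sha2_256")
    strict = parse_client_hmac("ssh client hmac sha2_256")
    legacy_server = ["md5", "sha1"]
    modern_server = ["sha2_256", "sha1"]
    for name, clist in (("permissive", permissive), ("strict", strict)):
        print(name, "flagged:", audit(clist))
        print("  vs legacy server:", negotiate(clist, legacy_server))
        print("  vs modern server:", negotiate(clist, modern_server))
```

With the permissive list, the session against the modern server settles on sha1 even though both sides support sha2_256, because the weaker keyword comes first in the client's list. The strict list fails negotiation against the legacy server instead of falling back.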