
Supported SSH MAC Algorithms

Question asked by bruju01 Employee on Feb 7, 2017
Latest reply on Jun 14, 2017 by lutch01

We're currently using CA PAM 2.6, and while applying security benchmarks to our RHEL 6 hosts I've found that PAM supports a rather limited list of MAC algorithms.

 

The security benchmark we use for RHEL 6 requires the MAC algorithms to be limited to the following.

hmac-sha2-512,hmac-sha2-256 

 

There are a few other algorithms allowed, but they aren't supported by OpenSSH 5.3p1 which is shipped in RHEL 6.

 

PAM 2.6 supports the following MACs according to the error message I received.

'mac-algorithms-cli2srv', our's: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96,hmac-ripemd160, peer's: hmac-sha2-256,hmac-sha2-512

 

Does PAM 2.7 or 2.8 support any SHA2 MAC algorithms for SSH?
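Added example, not part of the original post and not CA PAM or OpenSSH code: SSH selects the MAC as the first name on the client's list that also appears on the server's list (RFC 4253, section 7.1), so the two lists in the quoted error leave nothing to select. The sketch assumes "our's" is the connecting (PAM) side and "peer's" is the RHEL host; the function names are hypothetical.

```python
import re

# Error text exactly as quoted in the question above.
ERROR_LINE = ("'mac-algorithms-cli2srv', our's: hmac-md5,hmac-sha1,hmac-sha1-96,"
              "hmac-md5-96,hmac-ripemd160, peer's: hmac-sha2-256,hmac-sha2-512")

# MAC list the benchmark in the question requires on the RHEL 6 hosts.
BENCHMARK_MACS = ["hmac-sha2-512", "hmac-sha2-256"]

_PATTERN = re.compile(
    r"'(?P<field>[^']+)',\s*our's:\s*(?P<ours>.*?),\s*peer's:\s*(?P<peers>.*)$")


def _names(csv):
    """Split an SSH name-list (comma separated) into a list of names."""
    return [n.strip() for n in csv.split(",") if n.strip()]


def parse_mismatch(line):
    """Return (field, our_list, peer_list) from a mismatch line of this shape."""
    m = _PATTERN.search(line.strip())
    if m is None:
        raise ValueError("not a recognised algorithm-mismatch line")
    return m.group("field"), _names(m.group("ours")), _names(m.group("peers"))


def negotiate(client_list, server_list):
    """RFC 4253 s7.1: first name on the client's list that the server also lists."""
    server = set(server_list)
    for name in client_list:
        if name in server:
            return name
    return None  # no common algorithm: the connection is refused


def outside_benchmark(offered, allowed=BENCHMARK_MACS):
    """Names the client offers that the benchmark list does not permit."""
    return [n for n in offered if n not in allowed]


if __name__ == "__main__":
    field, ours, peers = parse_mismatch(ERROR_LINE)
    print(field, "negotiated:", negotiate(ours, peers))
    print("client MACs outside the benchmark list:", outside_benchmark(ours))
    # Constructed case: a client that also offers one SHA-2 MAC would connect.
    print("with SHA-2 offered:", negotiate(ours + ["hmac-sha2-256"], peers))
```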
