ssh server hmac

Function

The ssh server hmac command configures HMAC authentication algorithms on an SSH server.

The undo ssh server hmac command restores the default HMAC authentication algorithms on the SSH server.

By default, the SSH server supports these HMAC authentication algorithms: SHA2_512 and SHA2_256.

Format

ssh server hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 | sha2_512 } ^*

undo ssh server hmac

Parameters

Parameter	Description	Value
md5	Specifies an HMAC MD5 authentication algorithm.	-
md5_96	Specifies an HMAC MD5_96 authentication algorithm.	-
sha1	Specifies an HMAC SHA1 authentication algorithm.	-
sha1_96	Specifies an HMAC SHA1_96 authentication algorithm.	-
sha2_256	Specifies an HMAC SHA2_256 authentication algorithm. This algorithm is recommended.	-
sha2_256_96	Specifies an HMAC SHA2_256_96 authentication algorithm.	-
sha2_512	Specifies an HMAC SHA2_512 authentication algorithm.	-

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name	Operations
ssh-server	write

Usage Guidelines

Usage Scenario

To configure HMAC authentication algorithms on an SSH server, run the ssh server hmac command. The SSH client and server negotiate authentication algorithms for the packets exchanged between them. During negotiation, the client sends its authentication algorithms to the server. After comparing the received authentication algorithms with the local ones on the server, the server selects the first matching authentication algorithm received for packet transmission. If no matching authentication algorithm is found, the negotiation fails.

Precautions

To ensure high security, you can use the HMAC authentication algorithms such as: sha2_256, sha2_512.
This command takes effect for both IPv4 and IPv6 SSH clients.

Example

# Configure an HMAC SHA2_256 algorithms.

<HUAWEI> system-view
[~HUAWEI] ssh server hmac sha2_256