Be advised that SSH and PKI encryption have issues ranging from cipher support to HMAC support, on both the server and the client. Various SSH clients can't support all types.
For reference, see my previous cipher post: http://socpuppet.blogspot.com/2013/04/ssh-and-ciphers-tipstricks.html
When it comes to the HMAC and the target SSH server, you can check support by defining the HMAC to use.
Within OpenSSH, use the -m option and specify the "hmac" that you want to try. The SSH server will either accept or reject it, and if you add the -v option you can easily find the versions that it supports. The SSH client and server will use the highest mutually supported version between the pair.
Here's an example of the stronger to weaker HMAC types:
SHA512
SHA384
SHA256
SHA224
SHA1
MD5
MD4
You can use this free tool to explore and craft various message hashes:
http://www.freeformatter.com/hmac-generator.html
On most OpenSSH-based SSH clients you can use the -Q option to display the versions your client supports.
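The -m, -v and -Q checks described above can be combined into one audit loop. The script below is an added example, not part of the original post: the function names, the `CIPHER` variable and the sample log lines are assumptions made for illustration. It pins a non-AEAD cipher with -c, because with an AEAD cipher OpenSSH reports the MAC as `<implicit>` and the -m setting is never exercised.

```shell
#!/bin/sh
# Added example: audit which MACs an SSH server you administer will negotiate.

# Map an OpenSSH MAC name to the hash family it is built on.
mac_family() {
    case $1 in
        *sha2-512*) echo SHA512 ;;
        *sha2-256*) echo SHA256 ;;
        *sha1*)     echo SHA1 ;;
        *md5*)      echo MD5 ;;
        *)          echo other ;;   # e.g. umac-64@openssh.com
    esac
}

# Classify the output of one `ssh -v -m <mac>` attempt.
# Prints: accepted | rejected | implicit | unknown
mac_verdict() {
    mac=$1
    log=$2
    if printf '%s\n' "$log" | grep -Fq 'no matching MAC found'; then
        echo rejected
    elif printf '%s\n' "$log" | grep -Fq 'MAC: <implicit>'; then
        echo implicit               # AEAD cipher in use, -m was not tested
    elif printf '%s\n' "$log" | grep -Fq "MAC: $mac "; then
        echo accepted
    else
        echo unknown                # e.g. cipher mismatch or connection failure
    fi
}

# Try every MAC the local client supports (ssh -Q mac) against one server.
# Usage: probe_server host [port]; CIPHER must be a non-AEAD cipher both sides support.
probe_server() {
    host=$1
    port=${2:-22}
    for mac in $(ssh -Q mac); do
        log=$(ssh -v -m "$mac" -c "${CIPHER:-aes128-ctr}" -o BatchMode=yes \
                  -o ConnectTimeout=5 -p "$port" "$host" exit 2>&1)
        printf '%-36s %-7s %s\n' "$mac" "$(mac_family "$mac")" \
               "$(mac_verdict "$mac" "$log")"
    done
}

# Constructed sample log lines (not captured from a real host).
SAMPLE_OK='debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none'
SAMPLE_NO='Unable to negotiate with 192.0.2.10 port 22: no matching MAC found. Their offer: hmac-sha2-512,hmac-sha2-256'
SAMPLE_AEAD='debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none'
```

Key exchange completes before authentication, so the verdict is available even when BatchMode makes the login itself fail.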
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \