Professional Documents
Culture Documents
How To Disable 96-Bit HMAC Algorithms and MD5-based HMAC Algorithms On Solaris SSHD
How To Disable 96-Bit HMAC Algorithms and MD5-based HMAC Algorithms On Solaris SSHD
1
Copyright (c) 2021, Oracle. All rights reserved. Oracle Confidential.
How To Disable 96-bit HMAC Algorithms And MD5-based HMAC Algorithms On Solaris sshd
(Doc ID 1682164.1)
In this Document
Symptoms
Cause
Solution
References
APPLIES TO:
Solaris Operating System - Version 10 3/05 HW2 to 11.4 [Release 10.0 to 11.0]
Information in this document applies to any platform.
SYMPTOMS
The security scanner reported following vulnerabilities on Solaris regarding SunSSH sshd (secure shell daemon):
SOLUTION:
CAUSE
96-bit HMAC and MD5-based HMAC algorithms are being used by the current SSH.
SOLUTION
Use "man sshd_config" to verify the default MAC used by current SSH:
Example:
# man sshd_config
https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=92x165rpu_21&id=1682164.1 1/2
2/10/2021 Document 1682164.1
MACs
Specifies the available MAC (message authentication
code) algorithms. The MAC algorithm is used in protocol
version 2 for data integrity protection. Multiple algo-
rithms must be comma-separated. The default is hmac-
md5,hmac-sha1,hmac-sha1-96,hmac-md5-96, hmac-sha2-256,
hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96.
Macs hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96
REFERENCES
NOTE:2086158.1 - How to Check which SSH Ciphers and HMAC Algorithms are in use
Didn't find what you are looking for?
https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=92x165rpu_21&id=1682164.1 2/2