Using hmac-sha2-256 in OpenSSH 6.2p1

Darren Tucker dtucker at zip.com.au
Fri Apr 5 22:05:23 EST 2013


On Fri, Apr 05, 2013 at 03:39:11PM +0530, Anurag Panda wrote:
> I could not use hmac-sha2-256 in OpenSSH 6.2p1. I tried configuring in
> sshd_config file also, but the server was not starting. How can I use
> hmac-sha2-256 & hmac-sha2-512 in OpenSSH server in accordance with RFC
> 6668?
> 
> I have installed OpenSSH on a computer with the following configuration:
> Architecture: x86 32-bit
> OS: RHEL AS 4 (Nahant update 4) (Linux version 2.6.9-42.EL)

That will only be available if the OpenSSL library supports sha256.
If it does have it, you'll see HAVE_EVP_SHA256 defined in config.h.

What version of OpenSSL do you have?  If I'm reading their cvs history
right, sha256 support was added in 0.9.8.

If that's the reason, and you really need those MACs, you have a couple
of options: upgrade the openssl rpms (which may cause other problems),
or you can compile a newer openssl as a static library and use
"./configure --with-ssl-dir=/path/to/your/ssl/dir" to link against that
(but you'll have to remember to recompile both if there are any security
problems in that openssl in future).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list
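
The two checks named in the reply above (is HAVE_EVP_SHA256 defined in config.h, and is OpenSSL at least 0.9.8), as an added example that is not part of the original message or of OpenSSH. The function names, the sample config.h line and the version banner are constructed for illustration; the 0.9.8 threshold is the one given in the reply.

```shell
#!/bin/sh
# Added example (not from the original message).

# True if config.h actively defines HAVE_EVP_SHA256. Autoconf writes
# "/* #undef HAVE_EVP_SHA256 */" when the probe fails, so grepping for the
# bare macro name would report a false positive.
has_evp_sha256() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_EVP_SHA256([[:space:]]|$)' "$1"
}

# 0 if an "openssl version" banner is 0.9.8 or later (the threshold given in
# the reply), 1 if older, 2 if the banner cannot be parsed.
openssl_has_sha256() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ $(( major * 10000 + minor * 100 + patch )) -ge 908 ]
}

# $1 = config.h from the OpenSSH build tree, $2 = "openssl version" banner
check_sha2_macs() {
    if has_evp_sha256 "$1"; then
        echo "HAVE_EVP_SHA256 defined: hmac-sha2-256/512 were compiled in"
        return 0
    fi
    echo "HAVE_EVP_SHA256 not defined: hmac-sha2-256/512 were not compiled in"
    rc=0; openssl_has_sha256 "$2" || rc=$?
    case $rc in
        0) echo "openssl on PATH is >= 0.9.8: configure likely used another library" ;;
        1) echo "OpenSSL is older than 0.9.8: upgrade it or use --with-ssl-dir" ;;
        *) echo "OpenSSL version unknown: run 'openssl version'" ;;
    esac
    return 1
}

# Usage: sh check.sh /path/to/openssh/config.h
# With no argument, run on constructed sample input instead.
if [ "$#" -ge 1 ]; then
    check_sha2_macs "$1" "$(openssl version 2>/dev/null || true)" || true
else
    sample=$(mktemp)
    printf '%s\n' '/* #undef HAVE_EVP_SHA256 */' > "$sample"        # constructed
    check_sha2_macs "$sample" 'OpenSSL 0.9.7a Feb 19 2003' || true  # constructed
    rm -f "$sample"
fi
```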