MAC client and server list

The 7210 SAS supports a configurable client and server MAC list for SSHv2, which allows the user to add or remove Message Authentication Code (MAC) algorithms from the list. The user can program the strong Hashed Message Authentication Code (HMAC) algorithms on top of the configurable MAC list (for example, lowest index in the list) to be negotiated first between the client and server. The first algorithm in the list that is supported by both the client and the server is the one that is agreed upon.

There are two configurable MAC lists:

The default client and server MAC list includes all supported algorithms in the following preference order:

  1. mac 200 name hmac-sha2-512

  2. mac 210 name hmac-sha2-256

  3. mac 215 name hmac-sha1

  4. mac 220 name hmac-sha1-96

  5. mac 225 name hmac-md5

  6. mac 230 name hmac-ripemd160

  7. mac 235 name hmac-ripemd160-openssh-com

  8. mac 240 name hmac-md5-96

Note:

The configurable MAC list is only supported for SSHv2 and not for SSHv1. SSHv1 only supports 32-bit CRC.