Hi,

I could not use hmac-sha2-256 in OpenSSH 6.2p1. I tried configuring in sshd_config file also, but the server was not starting. How can I use hmac-sha2-256 & hmac-sha2-512 in OpenSSH server in accordance with RFC 6668?

I have installed OpenSSH in a computer with the following configuration:
Architecture: x86 32-bit
OS: RHEL AS 4 (Nahant update 4) (Linux version 2.6.9-42.EL)

Thanks and regards,
Anurag,
Advisory Software Engineer, B2B & Commerce, Industry Solutions, ISL, IBM,
#4/1, 2nd floor, Tower D, IBC Knowledge Park, Bannerghatta road, Bangalore, India - 560029.
Phone (O): +91-80-49126451, ext: 26451, Tie-line: 26451.

On Fri, Apr 05, 2013 at 03:39:11PM +0530, Anurag Panda wrote:
> I could not use hmac-sha2-256 in OpenSSH 6.2p1. I tried configuring in
> sshd_config file also, but the server was not starting. How can I use
> hmac-sha2-256 & hmac-sha2-512 in OpenSSH server in accordance with RFC
> 6668?
>
> I have installed OpenSSH in a computer with the following configuration:
> Architecture: x86 32-bit
> OS: RHEL AS 4 (Nahant update 4) (Linux version 2.6.9-42.EL)

That will only be available if the OpenSSL library supports sha256. If it does have it, you'll see HAVE_EVP_SHA256 defined in config.h

What version of OpenSSL do you have? If I'm reading their cvs history right, sha256 support was added in 0.9.8.

If that's the reason, and you really need those MACs, you have a couple of options: upgrade the openssl rpms (which may cause other problems), or you can compile a newer openssl as a static library and use "./configure --with-ssl-dir=/path/to/your/ssl/dir" to link against that (but you'll have to remember to recompile both if there are any security problems in that openssl in future).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
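
The two checks named in the reply above (HAVE_EVP_SHA256 in config.h, and an OpenSSL version of at least 0.9.8), as an added shell example that is not part of the original thread or of OpenSSH's own tooling. The function names, result strings and sample config.h fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample files below are constructed.

# Succeeds only for an active "#define HAVE_EVP_SHA256". When the probe
# fails, autoconf leaves "/* #undef HAVE_EVP_SHA256 */" in config.h, so a
# bare grep for the macro name would report a false positive.
have_evp_sha256() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_EVP_SHA256([[:space:]]|$)' "$1"
}

# Succeeds if a version such as "0.9.7a", or a full `openssl version`
# line, is at least 0.9.8 (the threshold given in the reply above).
openssl_has_sha256() {
    v=$(printf '%s\n' "$1" | sed -e 's/^OpenSSL //' -e 's/[^0-9.].*$//')
    IFS=. read -r major minor patch rest <<EOF
$v
EOF
    [ $(( ${major:-0} * 10000 + ${minor:-0} * 100 + ${patch:-0} )) -ge 908 ]
}

# $1 = config.h from the OpenSSH build tree, $2 = OpenSSL version string
diagnose() {
    if have_evp_sha256 "$1"; then
        echo "sha2-macs-built"
    elif openssl_has_sha256 "$2"; then
        # Library is new enough, so configure probed a different OpenSSL.
        echo "openssl-ok-check-configure"
    else
        echo "openssl-too-old"
    fi
}

# Demo on constructed config.h fragments and version strings.
demo=$(mktemp -d)
printf '/* #undef HAVE_EVP_SHA256 */\n' > "$demo/old.h"
printf '#define HAVE_EVP_SHA256 1\n'    > "$demo/new.h"
diagnose "$demo/old.h" "0.9.7a"
diagnose "$demo/new.h" "OpenSSL 1.0.1e 11 Feb 2013"
rm -rf "$demo"
```

On a real build tree, pass the generated config.h and the output of `openssl version` to `diagnose`.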