Dropbear SSH remove HMAC-MD5
The Dropbear SSH client and server configuration is changed to not
accept the HMAC-MD5 algorithm when making connections.
The MD5 algorithm is no longer considered secure.
With this change, Dropbear supports the following MAC algorithms:
SHA1_HMAC, SHA2_256_HMAC, and SHA2_512_HMAC.
Note that Dropbear does not yet support HMAC-SHA3.
Tested:
$ ssh -m hmac-sha1-96 root@${bmc}
Unable to negotiate with ${bmc} port 22:
no matching MAC found.
Their offer: hmac-sha1,hmac-sha2-256,hmac-sha2-512
$ ssh root@${bmc} # worked
Change-Id: I734e24754d33729f643f6e61e7f40f18ea374197
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
1 file changed