HOW TO SPECIFY MESSAGE AUTHENTICATION CODES (MACS) ON AN SSH SERVER IN 5 EASY STEPS


In data security, ensuring that your data has not been tampered with or altered is extremely important. SSH is a protocol for secure remote login. It allows secure data transfer and protects vital information. SSH protects communications with strong encryption and provides several options for strong authentication.

When you use an SSH server, you can specify which Message Authentication Code (MAC) algorithms the server offers to the client. Unless you specify otherwise, the MAC algorithms are offered to the client in the server’s default order. The default order will vary from release to release to deliver the best blend of security and performance.

You can specify the Message Authentication Algorithms that the SSH server can offer to the client in 5 easy steps by modifying the registry key szMACs. These steps will show the specification process using the GSW SSH Server for Windows.

The key is:

For Win x64: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Georgia SoftWorks\GSW_SSHD\Parameters\szMACs

For Win x86: HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\szMACs

The following is the default value for Message Authentication Code algorithms:

hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha1-96,hmac-md5,none

The following is the list and order of all algorithms available with the FIPS 140-2 option disabled:

hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none

The following is the list and order of algorithms available with the FIPS 140-2 option enabled:

hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96

The registry parameter bDisableFIPS must be set to 1 to use algorithms which are not on the FIPS list. The default value of this parameter is 0.

5 Easy Steps to Change the Registry Key to Specify the MAC algorithms available to the SSH Client:

  1. Click the START button at the bottom left corner of your screen.
  2. Click RUN and type REGEDIT. Then click OK.
  3. Select the proper registry Key.

WINx64: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Georgia SoftWorks\GSW_SSHD\Parameters\szMACs

WINx86: HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\szMACs

  4. Select the menu item EDIT and then click on MODIFY.
  5. Enter the new value for szMACs and click OK. The new value will take effect when the SSH Service is restarted.

You can change this registry key to your preferred order and it will maintain your specified order until it is modified again. You can also modify it as often as desired.
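The same change can be scripted and checked before it is written. The PowerShell below is an added example, not Georgia SoftWorks' code: it validates a proposed order against the algorithm names listed above, checks the bDisableFIPS requirement, and then writes szMACs. The `$Desired` order (SHA-2 only) is an illustrative choice, and the script assumes szMACs is a string value and that it runs from an elevated prompt.

```powershell
# Added example. Algorithm names and registry paths are the ones given in the article.
$Available = @(
    'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com',
    'hmac-sha1-etm@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512',
    'hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'none'
)
# Names that appear only in the list with the FIPS 140-2 option disabled.
$NonFips = @('hmac-md5', 'none')

# Assumption: the order this administrator wants to offer (edit as needed).
$Desired = @(
    'hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com',
    'hmac-sha2-512', 'hmac-sha2-256'
)

# Use the Wow6432Node key on x64 and the plain key on x86.
$Wow    = 'HKLM:\SOFTWARE\Wow6432Node\Georgia SoftWorks\GSW_SSHD\Parameters'
$Native = 'HKLM:\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters'
$Key = if (Test-Path $Wow) { $Wow } else { $Native }
if (-not (Test-Path $Key)) { throw 'GSW_SSHD Parameters key not found.' }

# Reject misspelled or repeated names before touching the registry.
$unknown = @($Desired | Where-Object { $_ -notin $Available })
if ($unknown.Count -gt 0) { throw "Unknown MAC name(s): $($unknown -join ', ')" }
if (@($Desired | Select-Object -Unique).Count -ne $Desired.Count) {
    throw 'The list contains a duplicate MAC name.'
}

# Algorithms outside the FIPS list require bDisableFIPS = 1 (default is 0).
$fipsOff = (Get-ItemProperty -Path $Key -Name bDisableFIPS -ErrorAction SilentlyContinue).bDisableFIPS
$blocked = @($Desired | Where-Object { $_ -in $NonFips })
if ($blocked.Count -gt 0 -and $fipsOff -ne 1) {
    throw "bDisableFIPS must be 1 to offer: $($blocked -join ', ')"
}

# Record the previous value so the change can be rolled back, then write.
$old = (Get-ItemProperty -Path $Key -Name szMACs -ErrorAction SilentlyContinue).szMACs
Write-Output "Previous szMACs: $old"
Set-ItemProperty -Path $Key -Name szMACs -Value ($Desired -join ',')
Write-Output "New szMACs:      $((Get-ItemProperty -Path $Key -Name szMACs).szMACs)"

# The new value takes effect only after the SSH service is restarted.
```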

Posted in How To's and Helpful Information on Jun 18, 2020


