mac-alg

This command specifies the MAC algorithms in the SSH client profile for encryption negotiation with an SFTP server.

Syntax

Add a MAC algorithm.
mac-alg algorithm
Delete a MAC algorithm.
no mac-alg algorithm
Clear all defined MAC algorithms and use the default algorithms.
no mac-alg

Parameters

algorithm
Specifies the SSH MAC algorithms to use in SSH communication. The order of algorithms is important. The server compares its list to the client list in order of preference. The first algorithm in the client list is chosen when also supported by the server.
The algorithms in the following table are supported. You can change the preference order of the MAC algorithms. When you enter an algorithm, use the value in the second column. The third column indicates whether the algorithm is a default algorithm.
Table 1. Supported SSH MAC algorithms in default order of preference

Algorithm                        Value to enter                      Is default?
umac-64@openssh.com              UMAC-64_AT_OPENSSH.COM              Yes
umac-128@openssh.com             UMAC-128_AT_OPENSSH.COM             Yes
hmac-sha2-256                    HMAC-SHA2-256                       Yes
hmac-sha2-512                    HMAC-SHA2-512                       Yes
hmac-sha1                        HMAC-SHA1                           Yes
umac-64-etm@openssh.com          UMAC-64-ETM_AT_OPENSSH.COM          No
umac-128-etm@openssh.com         UMAC-128-ETM_AT_OPENSSH.COM         No
hmac-sha2-256-etm@openssh.com    HMAC-SHA2-256-ETM_AT_OPENSSH.COM    No
hmac-sha2-512-etm@openssh.com    HMAC-SHA2-512-ETM_AT_OPENSSH.COM    No
hmac-sha1-etm@openssh.com        HMAC-SHA1-ETM_AT_OPENSSH.COM        No

Guidelines

The mac-alg command specifies the message authentication code (MAC) algorithms in the SSH client profile for encryption negotiation with an SFTP server. An SSH client profile is associated with an SFTP client policy. Changes to the algorithms do not affect existing connections.

To create an SFTP client policy, use the User Agent sftp-policy command.

To specify multiple algorithms, run this command once for each algorithm. Adding a new algorithm does not delete existing ones. New algorithms are always appended to the end of the list.

You can use the no mac-alg command to clear all the algorithms in the profile. When all algorithms are cleared, the default algorithms are used. The default algorithms are the same as listed in the previous table.

This command is relevant when the profile-usage command is set to sftp.

Examples

  • Delete the hmac-sha1 algorithm.
    # no mac-alg HMAC-SHA1
  • Clear all default algorithms and add the umac-128-etm@openssh.com, hmac-sha2-512-etm@openssh.com, and hmac-sha2-256-etm@openssh.com algorithms in order of preference.
    # no mac-alg
    # mac-alg UMAC-128-ETM_AT_OPENSSH.COM
    # mac-alg HMAC-SHA2-512-ETM_AT_OPENSSH.COM
    # mac-alg HMAC-SHA2-256-ETM_AT_OPENSSH.COM
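
To see which MAC a given list actually negotiates, the following Python sketch replays mac-alg lines and applies the selection rule from the Parameters section (first client entry the server also supports, as in RFC 4253 section 7.1). It is an added example, not product code: the function names, the two server offers, and the reading of the list semantics (a profile starts with the defaults, an empty list falls back to them) are assumptions made for illustration.

```python
# Added example: a simplified model of the documented behaviour, not product code.
DEFAULTS = ["UMAC-64_AT_OPENSSH.COM", "UMAC-128_AT_OPENSSH.COM",
            "HMAC-SHA2-256", "HMAC-SHA2-512", "HMAC-SHA1"]
SUPPORTED = set(DEFAULTS) | {          # Table 1: defaults plus the -ETM values
    "UMAC-64-ETM_AT_OPENSSH.COM", "UMAC-128-ETM_AT_OPENSSH.COM",
    "HMAC-SHA2-256-ETM_AT_OPENSSH.COM", "HMAC-SHA2-512-ETM_AT_OPENSSH.COM",
    "HMAC-SHA1-ETM_AT_OPENSSH.COM"}
# Constructed server offers (assumptions, not taken from the page).
MODERN_SERVER = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512", "hmac-sha1"]
LEGACY_SERVER = ["hmac-sha1"]
HARDENED = ["# no mac-alg", "# mac-alg UMAC-128-ETM_AT_OPENSSH.COM",
            "# mac-alg HMAC-SHA2-512-ETM_AT_OPENSSH.COM",
            "# mac-alg HMAC-SHA2-256-ETM_AT_OPENSSH.COM"]

def wire_name(value):
    """Turn a value from the table's second column into the SSH algorithm name."""
    return value.replace("_AT_", "@").lower()

def replay(commands, start=DEFAULTS):
    """Apply mac-alg / no mac-alg lines to a list; return the effective list."""
    configured = list(start)
    for line in commands:
        words = line.lstrip("# ").split()
        delete = words[:1] == ["no"]
        rest = words[1:] if delete else words
        if rest[:1] != ["mac-alg"] or len(rest) > 2 or (len(rest) == 1 and not delete):
            raise ValueError(f"not a valid mac-alg command: {line!r}")
        if len(rest) == 1:                  # bare "no mac-alg" clears the list
            configured = []
        elif rest[1] not in SUPPORTED:
            raise ValueError(f"unsupported value: {rest[1]}")
        elif delete:
            configured = [v for v in configured if v != rest[1]]
        else:
            configured.append(rest[1])      # new entries go to the end
    return configured or list(DEFAULTS)     # empty list: defaults are used

def negotiate(client_values, server_names):
    """Pick the first name on the client list that the server also offers."""
    offered = set(server_names)
    for value in client_values:
        if wire_name(value) in offered:
            return wire_name(value)
    return None                             # no common MAC: negotiation fails

if __name__ == "__main__":
    for label, server in (("modern", MODERN_SERVER), ("legacy", LEGACY_SERVER)):
        print(label, "| defaults:", negotiate(DEFAULTS, server),
              "| hardened:", negotiate(replay(HARDENED), server))
```

Against the constructed legacy server the hardened list has no algorithm in common, which is the connection failure to expect when a restricted list meets a server that offers only hmac-sha1.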