In our configuration of lsh, the lsh client send
"hmac-sha1,hmac-md5"
Our server sends "hmac-md5,hmac-sha1,none".
In this case, lsh is electing to go with
hmac-md5, which I believe is incorrect.
>From draft-ietf-secsh-transport-06, Section
5.1. Algorithm Negotiation:
> mac_algorithms
> Lists the acceptable MAC algorithms in order of preference. The
> chosen MAC algorithm MUST be the first algorithm on the client's
> list that is also on the server's list. If there is no such
> algorithm, both sides MUST disconnect.
It appears that the first algorithm on the client's (lsh, in this case)
list should be chosen, which would result in "hmac-sha1" being used.
Thanks,
Joseph Galbraith
[EMAIL PROTECTED]
