After deactivating weak HMAC the zimbra deamon could not connect over ssh to the local machine.
Due to this fact, the admin interace throw SOAP errors.
I found that the included client only supports hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5. This looks quite legacy to me. Are there plans to update the used ssh client to support more up to date hmacs and ciphers
Regards,
Dominik
Weak ssh hmac forced by zimbra
Re: Weak ssh hmac forced by zimbra
Since AFAIK Zimbra stilluses the outdated Ganymed SSH library I don't think this is possible without a few changes and switching to a library like JSSH. If you're running a NE install, you should open a support case in the support portal with this question.
That said, (I learned this from Zimbra staff) is HMAC-SHA1 (contrary to plain SHA1) still secure though, even HMAC-MD5 was even still considered secure last time I checked.
That said, (I learned this from Zimbra staff) is HMAC-SHA1 (contrary to plain SHA1) still secure though, even HMAC-MD5 was even still considered secure last time I checked.