This variable limits the types of MAC algorithms that SSH can use during communication. Notes: Some organizations may have stricter requirements for approved MACs. Ensure that MACs used are in compliance with site policy The only 'strong' MACs currently FIPS 140-2 approved are hmac-sha2-256 and hmac-sha2-512 The Supported MACs are: hmac-md5 hmac-md5-96 hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] Rationale: MD5 and 96-bit MAC algorithms are considered weak and have been shown to increase exploitability in SSH downgrade attacks. Weak algorithms continue to have a great deal of attention as a weak spot that can be exploited with expanded computing power. An attacker that breaks the algorithm could take advantage of a MiTM position to decrypt the SSH tunnel and capture credentials and information