Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 11.2.

SHA-2 options introduced in Junos OS Release 12.1.


Specify the set of message authentication code (MAC) algorithms that the SSH server can use to authenticate messages.


Specify one or more of the following MAC algorithms to authenticate messages:

  • hmac-md5—Hash-based MAC using Message-Digest 5 (MD5)

  • hmac-md5-96—96-bits of hash-based MAC using MD5

  •—96-bits of hash-based Encrypt-then-MAC using MD5

  •—Hash-based Encrypt-then-MAC using MMD5

  • hmac-ripemd160—Hash-based MAC using RIPEMD

  •—Hash-based Encrypt-then-MAC using RIPEMD

  • hmac-sha1—Hash-based MAC using secure hash algorithm-1 (SHA-1)

  • hmac-sha1-96—96-bits of hash-based MAC using SHA-1

  •—96-bits of hash-based Encrypt-then-MAC using SHA-1

  •—Hash-based Encrypt-then-MAC using SHA-1

  • hmac-sha2-256—256-bits of hash-based MAC using secure hash algorithm-2 (SHA-2)

  •—Hash-based Encrypt-then-Mac using SHA-2

  • hmac-sha2-512—512-bits of hash-based MAC using SHA-2

  •—Hash-based Encrypt-then-Mac using SHA-2

  •—Encrypt-then-MAC using UMAC-128 algorithm specified in RFC4418

  •—UMAC-128 algorithm specified in RFC4418

  •—Encrypt-then-MAC using UMAC-64 algorithm specified in RFC4418

  •—UMAC-64 algorithm specified in RFC4418


The macs configuration statement represents a set. Therefore, it must be configured as shown in the following example.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Related Documentation