On Tue, 2 May 2017, Jakub Jelen wrote: > > I believe this is expected behavior and limitation of the current behavior. > The manual page also says > > > For each parameter, the first obtained value will be used. [...] > > > [...] will be removed *from the default set instead of replacing them*. > > Therefore: > * Only the default set is affected > * The second Macs option is ignored (because Macs are already set) Yes. I missed that. Sorry :( > This might be confusing especially when specifying multiple values and > improving that would be very nice. Yes, please. > I would investigate the debug log with -vvv switches to see what is > actually offered by server and client. Alright, I just did: $ ssh -vvv -oMacs=umac-64@xxxxxxxxxxx localhost : 2>&1 | egrep -i 'macs|umac' debug2: MACs ctos: umac-64@xxxxxxxxxxx debug2: MACs stoc: umac-64@xxxxxxxxxxx debug2: MACs ctos: umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 No error/warning/anything. I should also mention that this is the Debian packaged openssh 7.5p1. It applies some 31 patches to the source. I can't tell if they interfere with the proper behaviour, it doesn't seem so, but I can't exclude the risc. Colin might. Cheers, -- Cristian _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev