Our risk/vulnerability software kept flagging my Macs server with a low risk "SSH Weak Message Authentication Code Algorithms". I didn't see any Mac specific articles out there. Posting the "fix" that worked for my environment here.
By default macOS sshd includes the following "insecure" Message Authentication Code (MAC) algorithms for SSH:
The fix is to set /etc/ssh/sshd_config to use the secure MAC Algorithms.
Appending to the end of the file worked in macOS 12 and 13.
echo "MACS email@example.com,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,hmac-sha2-256,hmac-sha2-512" >> /etc/ssh/sshd_config
My Mac servers reboot nightly I did not need to worry about registering SSH/Remote Login.
List all MAC address algorithms available in the local system
ssh -Q mac
The sshd config file has its own man page with details/defaults:
Test/Scan for weak SSH MAC algorithms using a nMap script: https://nmap.org/nsedoc/scripts/ssh2-enum-algos.html
How this helps someone out there!
You perhaps should configure it for FIPS validated ciphers and things only
This is info from Apple on FIPS and SSH https://support.apple.com/guide/sccc/security-certifications-for-macos-sccc5eb3dc4fa/web