diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php
index 9514c1a4..726ca88c 100644
--- a/phpseclib/Net/SSH2.php
+++ b/phpseclib/Net/SSH2.php
@@ -1163,6 +1163,9 @@ class Net_SSH2
         }
 
         $mac_algorithms = array(
+            // from <http://www.ietf.org/rfc/rfc6668.txt>:
+            'hmac-sha2-256',// RECOMMENDED     HMAC-SHA256 (digest length = key length = 32)
+
             'hmac-sha1-96', // RECOMMENDED     first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
             'hmac-sha1',    // REQUIRED        HMAC-SHA1 (digest length = key length = 20)
             'hmac-md5-96',  // OPTIONAL        first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
@@ -1692,6 +1695,10 @@ class Net_SSH2
 
         $createKeyLength = 0; // ie. $mac_algorithms[$i] == 'none'
         switch ($mac_algorithms[$i]) {
+            case 'hmac-sha2-256':
+                $this->hmac_create = new Crypt_Hash('sha256');
+                $createKeyLength = 32;
+                break;
             case 'hmac-sha1':
                 $this->hmac_create = new Crypt_Hash('sha1');
                 $createKeyLength = 20;
@@ -1718,6 +1725,11 @@ class Net_SSH2
         $checkKeyLength = 0;
         $this->hmac_size = 0;
         switch ($mac_algorithms[$i]) {
+            case 'hmac-sha2-256':
+                $this->hmac_check = new Crypt_Hash('sha256');
+                $checkKeyLength = 32;
+                $this->hmac_size = 32;
+                break;
             case 'hmac-sha1':
                 $this->hmac_check = new Crypt_Hash('sha1');
                 $checkKeyLength = 20;