Yes, there aren't any known attacks right now, but since MD5 itself already has practical collision attacks against it, there isn't any good reason to use HMAC-MD5 in a new cryptosystem when there are better alternatives.
---
Supporting evidence: new versions of OpenSSHD do not use HMAC-MD5 by default anymore: it has to be enabled manually.
The default is:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512
Yes, there aren't any known attacks right now, but since MD5 itself already has practical collision attacks against it, there isn't any good reason to use HMAC-MD5 in a new cryptosystem when there are better alternatives.
---
Supporting evidence: new versions of OpenSSHD do not use HMAC-MD5 by default anymore: it has to be enabled manually.
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/...