ssh on windows - Corrupted MAC on input

Question

I've installed OpenSSH on Windows.

I can successfully connect to my remote server via ssh with Putty from this Windows machine.

But when opening a PowerShell, and trying

ssh my_user@1.2.3.4

I've got the error:

debug3: send packet: type 5                                                                    
Corrupted MAC on input.                                                                        
ssh_dispatch_run_fatal: Connection to 1.2.3.4 port 22: message authentication code incorrect

When looking on my remote server in the secure logs, I've got:

Dec  7 03:20:22 allo-01 sshd[10102]: Connection from 4.3.2.1 port 49869 on 1.2.3.4 port 22
Dec  7 03:20:23 allo-01 sshd[10102]: Connection reset by 4.3.2.1 port 49869 [preauth]

Do you know what's wrong? Why my ssh command from openssl on windows behave differently from PuTTY?

The Windows OpenSSL is based on LibreSSL vs. hosts are probably running openssh based on openssl - hence the slight algo mismatch. Pity it fails to negotiate as it should. — Ed Randall, Jul 10 '20 at 07:23

Jake · Answer 1 · 2020-09-07T16:03:43.707

49

Raoul's answer to his own question is correct. I ran into the same issue and adding the correct algorithm name after the -m option works (in my case the option was -m hmac-sha2-512 to connect from PowerShell to a machine running Ubuntu 18.04).

I wasn't sure which algorithm to use, but you can list all the available ones by running:

ssh -Q mac

I selected one at random, tried it and the remote server returned saying that algorithm wasn't supported, but it handily told me which one's were so that I could amend my command. Using this command I could then ssh into the remote machine:

ssh -m hmac-sha2-512 <user_name>@<remote_address>

If you need to use scp too, the parameter is different:

scp -o MACs=hmac-sha2-512 <and the rest of your scp command>

edited Sep 07 '20 at 16:03

answered Feb 08 '20 at 09:06

Jake

591
4
6

1

I'm wondering why this is needed when connecting to a CentOS 7 host but it isn't needed on an Ubuntu 20.04 - both with same MACs configuration in sshd_config. – Michael Aug 04 '20 at 12:01
As @jake mentioned, ssh my_user@1.2.3.4 -m hmac-sha2-512 This works – Kishan K Feb 23 '23 at 05:26

score 6 · Answer 2 · answered Dec 13 '19 at 23:51

Well,

Corrupted MAC on input.

let me think about something wrong with my ethernet card.

Indeed, in ssh world, MAC means "message authentication code".

So, I resolve my issue by adding to my ssh command option -m with an accepectable algorithm by the remote.

score 4 · Answer 3 · answered Oct 17 '22 at 16:32

4

I tried many solutions that were available, but the below one worked.

Add "MACs hmac-sha2-512" to the SSH config file

answered Oct 17 '22 at 16:32

arjun

41
1

ssh on windows - Corrupted MAC on input

3 Answers3