Windows – ssh on windows – Corrupted MAC on input

opensslpowershellsshwindows

I've installed OpenSSH on Windows.

I can successfully connect to my remote server via ssh with Putty from this Windows machine.

But when opening a PowerShell, and trying

ssh my_user@1.2.3.4

I've got the error:

debug3: send packet: type 5                                                                    
Corrupted MAC on input.                                                                        
ssh_dispatch_run_fatal: Connection to 1.2.3.4 port 22: message authentication code incorrect

When looking on my remote server in the secure logs, I've got:

Dec  7 03:20:22 allo-01 sshd[10102]: Connection from 4.3.2.1 port 49869 on 1.2.3.4 port 22
Dec  7 03:20:23 allo-01 sshd[10102]: Connection reset by 4.3.2.1 port 49869 [preauth]

Do you know what's wrong? Why my ssh command from openssl on windows behave differently from PuTTY?

Best Answer

Raoul's answer to his own question is correct. I ran into the same issue and adding the correct algorithm name after the -m option works (in my case the option was -m hmac-sha2-512 to connect from PowerShell to a machine running Ubuntu 18.04).

I wasn't sure which algorithm to use, but you can list all the available ones by running:

ssh -Q mac

I selected one at random, tried it and the remote server returned saying that algorithm wasn't supported, but it handily told me which one's were so that I could amend my command. Using this command I could then ssh into the remote machine:

ssh -m hmac-sha2-512 <user_name>@<remote_address>

If you need to use scp too, the parameter is different:

scp -o MACs=hmac-sha2-512 <and the rest of your scp command>

Related Solutions

Sshd on mac does no longer accept connections in inetd (-i) mode, but does in do not detach mode (-D), how to fix

It's pretty non-standard to use initd to start anything on a Mac. Instead, launchd is used, kicking off sshd in an ad hoc fashion (ie, it doesn't run as a typical server daemon until there's knock on the door). I suspect that your use of Linux-centric Webmin to manage ssh is contributing to the problem, since Webmin doesn't know a whole lot about launchd.

First, make sure the ssh launchd item is configured to load, just to eliminate the obvious.

sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

This is akin to ticking the box on Server Admin.app in the Settings options to enable SSH. Check syslog to see if launchctl is complaining about something.

It's unclear why you would want Webmin to handle SSH, but Apple's default configuration might be illuminating.

There's a launchd item in /System/Library/LaunchDaemons called sshd.plist. This XML file indicates that /usr/libexec/sshd-keygen-wrapper is used as the "program" that actually kicks off /usr/sbin/sshd using the -i flag. (The sshd-keygen-wrapper program is a shell script to first set up initial rsa and dsa keys in empty user home dirs.) The sshd-keygen-wrapper, however, also kicks off sshd like exec /usr/sbin/sshd $@ and is a trusted/whitelisted program as far as the socket firewall is concerned.

You might also want to grab the default /etc/sshd_config from backup or another machine to eliminate that as a variable in troubleshooting.

SSH-forwarded X11 display from Linux to Mac lost after some time

The ssh sessions started after I changed the Mac client's /etc/ssh_config to include the line:

ForwardX11Timeout 596h

are all working fine and have been all day. By now they all would have been refusing to start new xterms. So I believe this is the answer, and luckily a simple solution, but the timeout will still happen 3-1/2 weeks from now.

Best Answer

Related Solutions

Sshd on mac does no longer accept connections in inetd (-i) mode, but does in do not detach mode (-D), how to fix

SSH-forwarded X11 display from Linux to Mac lost after some time

Related Topic