The error "Unable to negotiate with host port 22: no matching MAC found. Their offer: hmac-sha2-512,hmac-sha2-256" indicates that there's a mismatch in the MAC (Message Authentication Code) algorithms
supported by the client and the server during an SSH connection attempt.
In this article, we will share how to check to fix this issue.
Checking Supported MAC Algorithms in SSH Client and Server
To check the MAC (Message Authentication Code) algorithms supported by your SSH client or server, you can use the ssh
command for the client and the sshd
command for the server. Here's how to do it:
- SSH Client: To see the MAC algorithms that the SSH client supports:
ssh -Q mac
- SSH Server: To see the MAC algorithms that the SSH server (
sshd
) supports:
sshd -T | grep macs
Alternatively, you can use:
sshd -T | grep -i macs
This command will display the current MACs configuration from sshd_config
. If you haven't specifically set this, it will display the defaults.
After running these commands, you'll get a list of supported MAC algorithms. You can then compare and configure both the client and the server to ensure they have common algorithms for a successful connection.
For detailed steps to fix no matching MAC found issue on Linux, you can refer to this article:
https://www.howtouselinux.com/post/fix-unable-to-negotiate-with-host-port-22-no-matching-mac-found-in-linux
Top comments (0)