Skip to Content

Fix Unable to negotiate with host port 22: no matching MAC found in Linux

The error “Unable to negotiate with host port 22: no matching MAC found. Their offer: hmac-sha2-512,hmac-sha2-256” indicates that there’s a mismatch in the MAC (Message Authentication Code) algorithms supported by the client and the server during an SSH connection attempt.

In this article, we will share how to fix this issue.

How to fix no matching MAC found issue on Linux

Here’s how you can resolve this:

1. Update SSH (Optional): Before making any changes, ensure that both the client and the server are using the latest version of SSH. An updated version might support more algorithms.

Get Your Free Linux training!

Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!

For different Linux distributions, package management tools and sometimes package names differ.

Here’s how you can upgrade openssh-server and openssh-clients in some popular distributions:

Debian/Ubuntu (and derivatives):

sudo apt update
sudo apt upgrade openssh-server openssh-clients

Fedora:

sudo dnf update openssh-server openssh-clientss

CentOS/RHEL (7 and below):

sudo yum update openssh-server openssh-clients

CentOS/RHEL (8 and above):

sudo dnf update openssh-server openssh-clients

openSUSE:

sudo zypper refresh
sudo zypper up openssh

2. Modify the SSH Config: You can add the MAC algorithms offered by the server to your client’s SSH configuration.

– Open the SSH configuration file: vi ~/.ssh/config

– If this file doesn’t exist, you can create it.

– Add the following lines:

Host 10.254.244.3
MACs hmac-sha2-512,hmac-sha2-256

– Save and exit (in `vi`, press `esc`, press `:wq`, then exit vi ).

3. Connect Again: Try to connect again using SSH.

4. Server-side Configuration (Optional): If you have access to the server and wish to change the MAC algorithms it offers, you can modify the server’s SSHD configuration.

– Edit the SSHD configuration:

sudo vi /etc/ssh/sshd_config

– Find the `MACs` line. If it’s not there, you can add it. Modify it to:

MACs hmac-sha2-512,hmac-sha2-256

– Save and exit.

– Restart the SSHD service:

sudo service sshd restart

5. Ensure Security: While the above steps can help in establishing the connection, it’s crucial to ensure that any changes made do not compromise the security of the connection. Always use strong, secure algorithms and regularly review and update configurations as needed.

If you’ve made these changes and are still facing issues, double-check the algorithms supported by both the client and the server. Adjust configurations accordingly.