HostOnNet Blog

CentOS 7 no matching mac found


On a new CentOS 7/CloudLinux server, I had to get CloudLinux license support, but for some reason CloudLinux support couldn't log in to my server. It worked fine on Ubuntu 16.04. CloudLinux support sent the following log and asked me to check.

[17:41]divanov@sshbox:~$ ssh -v root@SERVER-IP-HERE
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/clsupport/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 SERVER-IP-HERE
debug1: permanently_drop_suid: 500
debug1: identity file /home/clsupport/.ssh/identity type -1
debug1: identity file /home/clsupport/.ssh/identity-cert type -1
debug1: identity file /home/clsupport/.ssh/id_rsa type 1
debug1: identity file /home/clsupport/.ssh/id_rsa-cert type -1
debug1: identity file /home/clsupport/.ssh/id_dsa type 2
debug1: identity file /home/clsupport/.ssh/id_dsa-cert type -1
debug1: identity file /home/clsupport/.ssh/id_ecdsa type -1
debug1: identity file /home/clsupport/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching mac found: client hmac-sha1,[email protected],hmac-ripemd160 server [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256

This happens because the CentOS 7 SSH server has removed some MACs for better security, so the client and server MAC lists in the last log line have no algorithm in common. But enabling them is fine for most.

This is fixed by editing

vi /etc/ssh/sshd_config

Find the line

MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256

Replace it with

MACs hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

This adds the following extra MACs.

hmac-sha1,hmac-sha1-96,hmac-md5,hmac-ripemd160

Now restart SSHD with

service sshd restart
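
The replacement line above enables four older MACs at once, while the failing client only needs one of them. The following added example (not part of the original post) parses a "no matching mac found" line and builds a MACs directive that appends only the single best-ranked MAC the client offered. The sample line is constructed, and the ranking in PREFERENCE and the function names are assumptions of this example.

```python
import re

# Assumed ranking (most preferred first) of the four legacy MACs the post
# re-enables. The order is this example's assumption, not the post's.
PREFERENCE = ["hmac-sha1", "hmac-ripemd160", "hmac-sha1-96", "hmac-md5"]

LINE_RE = re.compile(r"no matching mac found: client (\S+) server (\S+)")


def parse_mac_mismatch(line):
    """Return (client_macs, server_macs) from an ssh 'no matching mac' line."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not a 'no matching mac found' line")
    return m.group(1).split(","), m.group(2).split(",")


def minimal_macs_line(line):
    """Keep the server's MAC list and append only one MAC the client offers."""
    client, server = parse_mac_mismatch(line)
    if set(client) & set(server):
        # A common MAC already exists, so the directive needs no change.
        return "MACs " + ",".join(server)
    ranked = [mac for mac in PREFERENCE if mac in client]
    if not ranked:
        raise ValueError("client offers no MAC ranked by this example")
    # Existing (stronger) MACs stay first; the legacy one goes last.
    return "MACs " + ",".join(server + [ranked[0]])


# Constructed sample line, not the log from the post. The MAC names are
# real OpenSSH algorithm names chosen for illustration.
SAMPLE = (
    "no matching mac found: client hmac-sha1,hmac-md5,hmac-ripemd160 "
    "server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
    "hmac-sha2-512,hmac-sha2-256"
)

if __name__ == "__main__":
    print(minimal_macs_line(SAMPLE))
```

After writing the resulting line to /etc/ssh/sshd_config, running `sshd -t` checks the file for errors before the restart, which matters on a server reachable only over SSH.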
