Linux) ssh no matching MAC found 오류_해결

요약

ubuntu 22.04.1 을 설치하고 oracle linux 7.9에서 접근하려고 했는데

인증 오류("no matching MAC found" )가 났고

[-m mac_spec] 설정으로 해결했어요

$ ssh -m hmac-sha2-512 -A spc@10.***.70.41

 

문제

there's some incompatibility between the ssh client shipped with Windows and the server on Ubuntu 22.04.

#사례1
# source, linux Oracle Linux Server release 7.6
# source, ssh OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
$ telnet 10.***.70.41 22
Trying 10.***.70.41...
Connected to 10.***.70.41.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
^C^C^C^C
Connection closed by foreign host.

$ ssh 10.***.70.41
Unable to negotiate with 10.***.70.41 port 22: no matching MAC found. Their offer: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256

 

#사례2
# source, linux Oracle Linux Server release 6.5
# source, ssh OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
ssh OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ telnet 10.***.70.41 22
Trying 10.***.70.41...
Connected to 10.***.70.41 (10.***.70.41).
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3

$  ssh 10.***.70.41
no hostkey alg

원인은 source와 target이 사용하는 ssh 버전이 달라 인증에 사용되는 알고리즘이 맞지 않은 것

해결

# source linux, oracle linux 7.6 -> target linux, ubuntu 22.04.1

mac_spec을 지정해주면 해결할 수 있어요

$ ssh -m hmac-sha2-512 -A spc@10.***.70.41 #됨

$ ssh -m hmac-sha2-512 -A spc@10.***.70.42 #안됨

 

아래는 query_option으로 mac 정보를 soucre linux에서 출력했어요

$ ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com

 

https://serverfault.com/questions/1113797/ssh-agent-forwarding-not-working-on-ubuntu-22-04