fatal: no matching mac found: unable to ssh due to strict cipher set for pci dss compliance on remote box
SSH Connection Error: No Matching MAC Found Due to Strict Cipher Set for PCI DSS Compliance
Overview: This article tackles SSH connection issues arising from strict cipher requirements under PCI DSS compliance. It covers troubleshooting connecting to servers with restricted cipher support and recommends upgrading Ezeelogin to version 7.2.6 or above to align with security standards and ensure connectivity
Q. Unable to remote servers which have strict ciphers enabled. On the target server's side we see the error: "fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected] server hmac-sha2-512,hmac-sha2-256".
Q. The following ciphers are enabled on my remote box and unable to ssh from ezeelogin ssh jumpbox
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
It's for PCI compliance
Ans: Upgrade to ezeelogin version 7.2.6 and above.