Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General
Reload this Page FAQ: What causes the "No compatible MAC" error in SecureCRT?
FAQ Calendar Search Today's Posts Mark Forums Read

Notices

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 10-02-2018, 02:09 PM
bgagnon bgagnon is offline
VanDyke Technical Support
  
Join Date: Oct 2008
Posts: 4,636
Question FAQ: What causes the "No compatible MAC" error in SecureCRT?
If you are getting some form of the below error:
Key exchange failed.
No compatible MAC. The server supports these MACs: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,UMAC-64,UMAC-128,SHA2-256,SHA2-512,SHA1

You can turn on Trace Options output (File menu) and find this info:
Code:
[LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
[LOCAL] : Selected Send Mac = hmac-sha2-512 
[LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
[LOCAL] : Selected Recv Mac = hmac-sha2-512


MAC (Message Authentication Code): The MAC options are in the same category (Session Options -> Connection / SSH2 / Advanced) as ciphers. SecureCRT will try the listed MAC methods in order. The list can be reordered using the Up/Down arrow buttons next to the list.



As of version 8.5.1, current MAC methods are (with version when support was first added):
SHA2-512-EtM (v8.5.x)
SHA2-256-EtM (v8.5.x)
SHA1-EtM (v8.5.x)
UMAC-64-EtM (v8.5.x)*
UMAC-128 (v8.3.x)*
UMAC-128-EtM (v8.5.x)*
SHA2-512 (v7.2.x)
SHA2-256 (v7.2.x)
UMAC-64 (v6.1.x)*
SHA1 (v3.0.x)
SHA1-96 (v3.0.x)*/**
MD5 (v3.0.x)*/**
MD5-96 (v3.0.x)*/**
*Not available when client is running in FIPS mode
**Removed support for SHA1-96, MD5 and MD5-96 as of v9.0


You can employ the power of editing the Default session to enable any new MAC algorithms in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
https://www.vandyke.com/support/tips/defaultset.html
https://www.youtube.com/watch?v=5RbuZn9L48g
Note: In order for a "change" to be applied to all other sessions, the Default session's option/field you're targeting must actually be modified/different from its current value.
Attached Images
File Type: png key_ex_MAC_error_in_SCRT.png (28.1 KB, 27964 views)
File Type: png SCRT851_altered_MAC_category.png (43.7 KB, 27540 views)
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Last edited by bgagnon; 10-29-2020 at 08:18 AM. Reason: Change icon to question mark
Closed Thread

Tags
debugging , etm , faq , hmac , mac , securecrt , securefx , sha2 , troubleshooting , umac

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 01:24 PM.