VanDyke Software Forums

VanDyke Software Forums (https://forums.vandyke.com/index.php)
-   General (https://forums.vandyke.com/forumdisplay.php?f=11)
-   -   FAQ: What causes the "No compatible MAC" error in SecureCRT? (https://forums.vandyke.com/showthread.php?t=13275)

bgagnon 10-02-2018 03:09 PM

FAQ: What causes the "No compatible MAC" error in SecureCRT?
 
2 Attachment(s)
If you are getting some form of the below error:
Key exchange failed.
No compatible MAC.
The server supports these MACs: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,UMAC-64,UMAC-128,SHA2-256,SHA2-512,SHA1


https://forums.vandyke.com/attachmen...achmentid=1606
You can turn on Trace Options output (File menu) and find this info:
Code:

[LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Recv Mac = hmac-sha2-512

https://forums.vandyke.com/attachmen...achmentid=1601

MAC (Message Authentication Code): The MAC options are in the same category (Session Options -> Connection / SSH2 / Advanced) as ciphers. SecureCRT will try the listed MAC methods in order. The list can be reordered using the Up/Down arrow buttons next to the list.

https://forums.vandyke.com/attachmen...achmentid=1607

As of version 8.5.1, current MAC methods are (with version when support was first added):
SHA2-512-EtM (v8.5.x)
SHA2-256-EtM (v8.5.x)
SHA1-EtM (v8.5.x)
UMAC-64-EtM (v8.5.x)
UMAC-128 (v8.3.x)
UMAC-128-EtM (v8.5.x)
SHA2-512 (v7.2.x)
SHA2-256 (v7.2.x)
UMAC-64 (v6.1.x)
SHA1 (v3.0.x)
SHA1-96 (v3.0.x)
MD5 (v3.0.x)
MD5-96 (v3.0.x)

https://forums.vandyke.com/attachmen...achmentid=1601

You can employ the power of editing the Default session to enable any new MAC algorithms in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
https://www.vandyke.com/support/tips/defaultset.html
https://www.youtube.com/watch?v=5RbuZn9L48g
Note: In order for a "change" to be applied to all other sessions, the Default session's option/field you're targeting must actually be modified/different from its current value.


All times are GMT -6. The time now is 10:02 AM.