You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Make sure you are able to repro it on the latest version
Search the existing issues.
Steps to reproduce
On a Linux machine you are supposed to login with ssh user@host once you have set up your FIDO device with ssh-keygen -t ed25519-sk -O resident and put the public key into authorized_keys on the server.
However, on Windows machines you will get an error Corrupted MAC on input. You must use ssh -m hmac-sha2-512 user@server.com to login.
Once you know this it is pretty trivial. But it took me hours to find out. It would be so much more user friendly if Windows OpenSSH had automatic discovery of message authentication code.
Expected behavior
PS C:\> ssh user@server.com -v
[…]
debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com
! debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-512 compression: none! debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-512 compression: none
[…]
Confirm user presence for key ED25519-SK SHA256:abcdefghijklmnop
User presence confirmed
Last login: Thu Jan 18 08:25:20 2024 from 2a00:…
Name Value
---------
PSVersion 7.4.1
PSEdition Core
GitCommitId 7.4.1
OS Microsoft Windows 10.0.19045
Platform Win32NT
PSCompatibleVersions {1.0,2.0,3.0,4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Version
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2
Visuals
No response
The text was updated successfully, but these errors were encountered:
Prerequisites
Steps to reproduce
On a Linux machine you are supposed to login with
ssh user@host
once you have set up your FIDO device withssh-keygen -t ed25519-sk -O resident
and put the public key intoauthorized_keys
on the server.However, on Windows machines you will get an error
Corrupted MAC on input.
You must usessh -m hmac-sha2-512 user@server.com
to login.Once you know this it is pretty trivial. But it took me hours to find out. It would be so much more user friendly if Windows OpenSSH had automatic discovery of message authentication code.
Expected behavior
Actual behavior
Environment data
Version
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2
Visuals
No response
The text was updated successfully, but these errors were encountered: