When using BusinessConnect SSH client, a "MAC check failed" occurs error when setting up new SSH connection using key based authentication
Article ID: KB0082150
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | 6.X |
Description
When this occurs, the following information is posted to the Interior log file:
BW.BusinessConnect-InteriorServer Error [bw.logger] BW-EXT-LOG-100000 Job-69002-2-3.69007 SshMgr: Ssh transport disconnected due to fatal errors: MAC check failed (HmacSHA256) [null]. Peer session: 0:0:0:20:a8:a0:4b:c3:64:ff:46:e2:a8:7f:bd:dd:c9:e0:f3:83:f:e2:0:b3:67:1e:6b:e6:fd:33:56:39:a5:a6:ee:66
BW-EXT-LOG-100000 Job-69002-2-3.69007 [SSHFTP] SSH2Transport.disconnectInternal disconnect: MAC check failed (HmacSHA256)
BW.BusinessConnect-InteriorServer Error [bw.logger] BW-EXT-LOG-100000 Job-69002-2-3.69007 SshMgr: Ssh transport disconnected due to fatal errors: MAC check failed (HmacSHA256) [null]. Peer session: 0:0:0:20:a8:a0:4b:c3:64:ff:46:e2:a8:7f:bd:dd:c9:e0:f3:83:f:e2:0:b3:67:1e:6b:e6:fd:33:56:39:a5:a6:ee:66
BW-EXT-LOG-100000 Job-69002-2-3.69007 [SSHFTP] SSH2Transport.disconnectInternal disconnect: MAC check failed (HmacSHA256)
Issue/Introduction
When using BusinessConnect SSH client, a "MAC check failed" occurs error when setting up new SSH connection using key based authentication
Environment
all platforms
Resolution
By default the Preferred MAC is set to "ANY". The SSH client and server negotiate the MAC during the initial connection phase. If one selects ANY, the server may default to the most secure MAC which the SSH client may not support. Setting the "Preferred MAC" to some other option like HMAC_SHA1 in the configuration settings may resolve the issue. If one selects something else like HMAC_SHA1, the client tells the server to use this MAC and the handshake will complete correctly.
Feedback
Yes
No
Powered by
