This error occurs when the SSH client or server specifies an invalid or unsupported Message Authentication Code (MAC) algorithm in its configuration. It typically indicates a typo, deprecated algorithm, or incompatible SSH version.
SSH uses Message Authentication Codes (MACs) to ensure data integrity during communication. The "Bad SSH2 Mac spec" error means the SSH client or server encountered an invalid MAC algorithm specification in the configuration file. This can happen when: the MAC algorithm name contains a typo, an algorithm has been removed in newer OpenSSH versions, the configuration syntax is incorrect, or you're mixing incompatible SSH versions. The SSH handshake fails before any connection is established because the configuration is malformed.
First, determine which SSH version you're running and what MAC algorithms are available:
ssh -V
ssh -Q mac
The ssh -Q mac command lists all valid MAC algorithms supported by your OpenSSH version. Use only these names in your configuration.
Check the MACs line in your SSH configuration file. For clients, this is typically ~/.ssh/config or /etc/ssh/ssh_config. For servers, it's /etc/ssh/sshd_config:
# Check client config
grep -n "MACs" ~/.ssh/config
grep -n "MACs" /etc/ssh/ssh_config
# Check server config (requires root)
sudo grep -n "MACs" /etc/ssh/sshd_config
Look for:
- Typos in algorithm names (e.g., hmac-sha256 should be hmac-sha2-256)
- Incorrect syntax (missing commas between algorithms, spaces in wrong places)
- Algorithm names that don't match the output from ssh -Q mac
Replace the MACs line with algorithms from the supported list. Common valid MAC algorithms include:
hmac-sha2-256
hmac-sha2-512
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Example client configuration (~/.ssh/config or /etc/ssh/ssh_config):
Host *
MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
Example server configuration (/etc/ssh/sshd_config):
MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
Note: "etm" (encrypt-then-mac) variants are more secure and recommended.
If you're using the -o MACs=... option on the command line, ensure the syntax is correct:
# WRONG (common mistake)
ssh -o MACs=hmac-sha256 user@host
ssh -o MACs=hmac-sha2-256, hmac-sha1 user@host # space after comma
# CORRECT
ssh -o MACs=hmac-sha2-256 user@host
ssh -o MACs=hmac-sha2-256,hmac-sha1 user@host # no spaces
Multiple MACs must be comma-separated with no spaces.
After editing your SSH configuration, validate the syntax:
For client configuration:
ssh -G hostname # Tests client config parsing
For server configuration (requires root):
sudo sshd -T # Tests sshd config parsing
If there are syntax errors, the output will highlight the problematic line. Fix any errors and try again.
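The checks above (names that do not match ssh -Q mac, spaces after commas, stray commas) can be automated. The POSIX sh script below is an added example, not part of the original article: it lints a single MACs value or every MACs line in an ssh_config/sshd_config against the list ssh -Q mac prints, and it accepts the +, - and ^ prefixes covered later on this page. The function names are mine, and the supported-MAC list used in the test is constructed rather than taken from a real system.

```shell
# Added example, not from the original article: lint an OpenSSH "MACs" spec
# against the names your build supports (the output of `ssh -Q mac`).

# check_macs_spec SPEC SUPPORTED
#   SPEC      : the text after "MACs", e.g. "hmac-sha2-256-etm@openssh.com,hmac-sha2-256"
#   SUPPORTED : whitespace-separated list of valid MAC names
# Prints one line per problem; returns 0 if the spec is clean, 1 otherwise.
check_macs_spec() {
    spec=$1 supported=$2 rc=0
    case "$spec" in
        '')            echo "error: empty MACs spec"; return 1 ;;
        *[[:space:]]*) echo "error: whitespace in spec (comma-separated, no spaces)"; rc=1 ;;
        *,)            echo "error: trailing comma"; rc=1 ;;
    esac
    # A leading +, - or ^ appends to, removes from, or prepends to the OpenSSH defaults.
    case "$spec" in [-+^]*) spec=${spec#?} ;; esac
    oldifs=$IFS; IFS=,
    for name in $spec; do
        IFS=$oldifs
        if [ -z "$name" ]; then
            echo "error: empty entry (doubled or leading comma)"; rc=1; continue
        fi
        known=0
        for s in $supported; do
            [ "$s" = "$name" ] && { known=1; break; }
        done
        [ "$known" -eq 1 ] || { echo "error: '$name' not listed by ssh -Q mac"; rc=1; }
    done
    IFS=$oldifs
    return $rc
}

# lint_macs_file FILE SUPPORTED: check every MACs line of an ssh_config/sshd_config.
# A file with no MACs line passes, because OpenSSH then uses its own defaults.
lint_macs_file() {
    file=$1 supported=$2 bad=0
    while read -r value; do
        [ -n "$value" ] || continue
        check_macs_spec "$value" "$supported" || bad=1
    done <<EOF
$(grep -iE '^[[:space:]]*macs[[:space:]=]' "$file" | sed -E 's/^[[:space:]]*[Mm][Aa][Cc][Ss][[:space:]=]*//')
EOF
    return $bad
}

# Stand-alone use, e.g. `sh lint_macs.sh ~/.ssh/config`; the script name is hypothetical.
if [ "$#" -eq 1 ] && command -v ssh >/dev/null 2>&1; then
    lint_macs_file "$1" "$(ssh -Q mac)" && echo "$1: MACs lines OK"
fi
```

Run it against /etc/ssh/sshd_config on the server (with sudo, since the file is root-readable) before restarting sshd; a clean result means every name on the MACs line is one this OpenSSH build will accept.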
If you edited the server-side SSH configuration (/etc/ssh/sshd_config), restart the SSH daemon:
# On Linux systems
sudo systemctl restart sshd
# On some systems (macOS, BSD)
sudo /usr/sbin/sshd -t # Validate config first
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd
Always validate the configuration with sudo sshd -T before restarting to avoid locking yourself out.
If you're unsure which MACs to use, either:
1. Remove the MACs line entirely to use OpenSSH defaults (recommended):
# In your config file, delete or comment out the MACs line
# The system will use secure defaults automatically
2. Append to defaults instead of replacing them by prefixing with +:
MACs +hmac-sha1
This adds hmac-sha1 to the default set.
3. Remove specific algorithms by prefixing with -:
MACs -hmac-sha1
This removes hmac-sha1 from the defaults.
Keep such explanations out of the config file itself: ssh_config and sshd_config only treat lines that start with # as comments.
This is safer than manually specifying all MACs, as OpenSSH defaults are kept up-to-date by the developers.
Advanced troubleshooting:
OpenSSH Version Differences: Algorithm support varies significantly across OpenSSH versions. OpenSSH 7.1 and later removed several older algorithms (md5, sha1 without "etm" suffix). If upgrading OpenSSH on a legacy system, older MACs configuration lines may become invalid.
EtM vs Non-EtM Algorithms: Algorithms with "-etm" suffix (encrypt-then-mac) calculate the MAC after encryption, making them more secure against certain attacks. Modern OpenSSH prioritizes these. If you need backward compatibility with older systems, you may need to add non-etm variants.
Debugging SSH Parsing: Enable verbose logging to see exactly where configuration parsing fails:
ssh -vvv user@host # Shows configuration parsing in verbose output
sudo sshd -d # Server debug mode shows config errors on startup
Legacy Systems: If connecting to very old SSH servers/clients, you may need less secure algorithms. The trade-off between security and compatibility should be documented and justified. Consider upgrading the legacy system instead if possible.
ProxyCommand and Nested Configs: If using ProxyCommand in SSH config, note that nested SSH invocations may use different MACs settings. Ensure consistency across your proxy chain.