"Corrupted MAC on input" appears when SSH detects that a packet's Message Authentication Code does not match after the connection is already established. Because the MAC is verified per packet during the session, this almost always means data was corrupted on the wire by flaky hardware, MTU/offload issues, or a middlebox mangling packets — not a real algorithm mismatch. Fix it by isolating the faulty link or device, lowering MTU, or switching to an AEAD cipher.
SSH attaches a Message Authentication Code (MAC) to every packet so the receiver can verify the data arrived unmodified. "Corrupted MAC on input" means a packet was received but its MAC did not match the value SSH computed locally, so SSH aborts the connection to protect integrity. Critically, MAC verification happens per packet during an already-negotiated session, not during the initial algorithm handshake. That is why this message overwhelmingly points to packets being altered in transit (bad NIC/driver, cable/SFP, MTU or hardware-offload problems, or a firewall/VPN/middlebox rewriting traffic) rather than to a true MAC algorithm incompatibility. A genuine algorithm mismatch fails earlier in negotiation with a different message such as "no matching MAC found" — it does not produce corrupted-MAC-on-input.
Because this error means a packet was altered on the wire, start by checking the physical/link layer — this is the most likely culprit.
# Check for drops, CRC/frame errors on your interface
ip -s link show
# or on older systems:
ifconfig eth0
# Run a sustained ping to check for loss or corruption
ping -c 100 host.example.comLook for non-zero CRC errors, drops, or collisions. If you see them, try:
1. A wired connection instead of WiFi
2. A different cable, port, or SFP
3. Reseating connections at both ends
4. Restarting the interface:
sudo ip link set eth0 down && sudo ip link set eth0 upIf errors disappear on a different cable/port/NIC, you have found the root cause.
MTU mismatches and broken NIC offload features are a frequent source of corrupted packets, especially across VPNs and tunnels.
# Check current MTU
ip link show eth0
# Temporarily lower MTU for testing
sudo ip link set eth0 mtu 1400
# Test SSH again
ssh user@hostIf lowering MTU helps, also try disabling offload features, which can corrupt frames on some NICs/drivers:
sudo ethtool -K eth0 tso off gso off gro off rx off tx offIf this stops the errors, make the MTU and/or offload settings permanent in your distro's network configuration (e.g. /etc/network/interfaces on Debian/Ubuntu, /etc/NetworkManager or netplan, or NIC config on RHEL). Standard MTU is 1500; 1400 or 1280 often resolves VPN/firewall paths.
VPNs, NAT devices, and firewalls with deep packet inspection or 'SSH acceleration' can rewrite or corrupt SSH packets in transit.
# Temporarily disconnect the VPN and try again
ssh user@hostIf it works without the VPN, the tunnel or a middlebox is corrupting traffic. Then:
1. Disable any SSH/ALG inspection or 'acceleration' features on the firewall
2. Try a different VPN protocol (e.g. WireGuard vs OpenVPN)
3. Lower the tunnel MTU
4. Test from a different network path to confirm where corruption is introduced
AEAD ciphers such as [email protected] and [email protected] perform authentication as part of the cipher and do not negotiate a separate MAC at all. Because of that, switching to an AEAD cipher is directly relevant to a MAC-on-input error and is a better experiment than changing the MAC list:
ssh -o [email protected] user@host
ssh -o [email protected] user@hostIf one works reliably, make it permanent:
# ~/.ssh/config
Host myserver.example.com
Ciphers [email protected],[email protected]Note this changes which integrity primitive is used; it does not fix corrupted hardware. If an AEAD cipher resolves the error while HMAC suites fail, suspect a UMAC/MAC implementation bug (see advanced notes) rather than the network.
If you connect from Win32-OpenSSH or suspect a UMAC-related bug, force a plain HMAC algorithm. This is a workaround for implementation quirks, not the primary fix for true on-path corruption.
ssh -o MACs=hmac-sha2-512 user@host
ssh -o MACs=hmac-sha2-256 user@hostIf one works, persist it:
# ~/.ssh/config
Host myserver.example.com
MACs hmac-sha2-512,hmac-sha2-256List the MAC algorithms your client supports with:
ssh -Q macOlder OpenSSH/OpenSSL releases have had packet-handling and UMAC bugs. Update both ends where possible.
# Debian/Ubuntu
sudo apt-get update && sudo apt-get install openssh-client openssh-server
# RHEL/CentOS
sudo yum update openssh-clients openssh-server
# macOS (Homebrew)
brew install opensshCheck your version:
ssh -VAsk the server administrator to update too if the remote OpenSSH is old.
Windows OpenSSH / UMAC (common real trigger): Win32-OpenSSH has had reliability problems with UMAC-based MACs ([email protected], [email protected]). When connecting from Windows, prefer a plain HMAC (hmac-sha2-512, hmac-sha2-256) or an AEAD cipher ([email protected], [email protected]), which avoids a separate MAC entirely.
Debugging negotiation: List the MAC algorithms your build supports with ssh -Q mac (and ssh -Q cipher for ciphers). To watch what actually gets negotiated, use verbose mode — note that -vvv *does* connect, it does not just print algorithms:
ssh -Q mac
ssh -vvv user@host 2>&1 | grep -i 'mac\|cipher\|kex'There is no MACs=none in stock OpenSSH; disabling integrity is not an option, and it would not be a valid fix anyway.
Intermittent errors: Sporadic corrupted-MAC failures almost always indicate an unstable link (WiFi loss, failing hardware, ISP issues). Capture interface error counters over time with watch -n5 'ip -s link show eth0' while reproducing, and compare across network paths to localize the bad segment.
ProFTPD SFTP subsystem: If running ProFTPD's mod_sftp, confirm its configured ciphers/MACs are current and consider enabling AEAD ciphers there as well.
sign_and_send_pubkey: no mutual signature supported
How to fix "sign_and_send_pubkey: no mutual signature supported" in SSH
sign_and_send_pubkey: signing failed for RSA from agent: agent refused operation
How to fix "sign_and_send_pubkey: signing failed for RSA from agent: agent refused operation" in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
No more authentication methods to try.
How to fix "No more authentication methods to try." in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH