Note that I am asking specifically about the command line here, I know exactly how to fix this by using the ssh “config” file.
When making an ssh connection from Windows to a Linux computer, you often get the “Corrupted MAC on input” error.
This is easily rectified by specifying a MAC on the command line, as in either of these two examples:
ssh -m hmac-sha2-256 user@computer1.domain
ssh -o "MACs -umac-128@openssh.com" user@computer1.domain
But, if I want to use computer1 as a jumphost to computer2, the situation changes. The standard command line would be
ssh -J user@computer1.domain user@computer2.domain
This generates the above error (as expected)
But, adding the MAC options (in various ways)
ssh -J user@computer1.domain -m hmac-sha2-256 user@computer2.domain
ssh -m hmac-sha2-256 -J user@computer1.domain user@computer2.domain
ssh -J user@computer1.domain -o "MACs -umac-128@openssh.com" user@computer2.domain
ssh -o "MACs -umac-128@openssh.com" -J user@computer1.domain user@computer2.domain
does absolutely nothing for me, I still get the error.
For the record, ONLY computer1 in my setup has the MAC “problem” in the first place, when I am local I can connect to computer2 directly without any additional setup.
So, is there any way to work around this problem, using the command line only?
This setup works perfectly fine if I add the following to my SSH config file, but for my use case here, I would really like a command-line only solution that does not depend on the config file. (And not on changes to the configs on the servers either). But the fact that this config change do work seem to indicate there is nothing wrong with my environment (well, except for the fact that the MAC issue is there at all, I guess), it is only an issue with my command line options.
Host computer1.domain
MACs -umac-128@openssh.com
Edit:
Adding -vvv as suggested by @George reveals one thing which looks to be of interest, but I don’t really know how to solve it. According to the debug message, when running ssh using the JumpHost option, a sub-command is spawned, and the options specified on the command line doesn’t seem to be brought along, thus still leaving me with the original problem:
debug1: Setting implicit ProxyCommand from ProxyJump: "ssh" -vvv -W "[%h]:%p" computer1.domain
debug1: Executing proxy command: exec "ssh" -vvv -W "[computer2.domain]:22" computer1.domain
debug3: spawning "ssh" -vvv -W "[computer2.domain]:22" computer1.domain as subprocess
The rest of the debug output shows my client agreeing with computer1 to use the umac-128@openssh.com, the very MAC I am trying to tell it not to use
