"Corrupted MAC" errors on Windows

The official SSH component of Windows has a bug in the implementation of the umac-128-etm@openssh.com MAC algorithm and prefers this algorithm over others that are not bugged. When connecting to the login nodes, the bug trips the corrupted MAC detection and the error Corrupted MAC on input is reported.

To avoid the issue, add -m hmac-sha2-256-etm@openssh.com to your ssh command line, use a better SSH client, or change your configuration as shown below.

Reduce the priority of the buggy MAC algorithm

Another way is to override the MAC used or change the priority list to de-prioritize (or remove) the buggy MAC. The easiest way to do this in a persistent way is to change your .ssh/config file, which is at %USERPROFILE%\.ssh\config on Windows (this usually works out to be something like C:\Users\YOUR_USERNAME\.ssh\config). Go to the Host entries for the login nodes and add the option MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com to them, which will change the priority order to use non-buggy ones first but still retain the problematic one for if you upgrade OpenSSH later.

You can also add this to a Host * block to enable it for all hosts. Since the buggy implementation is not disabled, just de-prioritized, it should not cause connection problems with any other servers.

See the Configuring SSH page for more information on the config file, particularly if you have not made one yet.

It is also possible to override the default MAC when running SSH on the command line with the -m MAC1[,...,MACN] option. Examples would be -m hmac-sha2-256-etm@openssh.com to pick just one or -m hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com to specify a list of ones use in order of priority.

Complete example: ssh -m hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com -i C:\Users\local_username\.ssh\id_ed25519 username@glogin.hpc.gwdg.de