Home     About Us     RSSRSS

macOS Sierra – Error on SSH “no matching key exchange method found. Their offer: diffie-hellman-group1-sha1”

May 22, 2017 by @HKw@! | Filed under centos, Linux, Mac OS X, Open Source.

Issue

My latest MacOS X 10.12 release failed to ssh to network devices with the following error:

techkaki-MacBook-Pro:~ techkaki$ ssh aimsadm@10.10.178.243
Unable to negotiate with 10.10.178.243 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Root Cause

For error message above show that the client and server were unable to agree on the key exchange algorithm.

As per checking on my Mac OS X, i noticed that my Mac OS X running on OpenSSH version 7.

techkaki-MacBook-Pro:~ techkaki$ ssh -V
OpenSSH_7.4p1, LibreSSL 2.5.0

According to openssh website, some of the older algorithms are not enabled by default on OpenSSH Version 7 and above.

Solution

A) To enable the diffie-hellman-group1-sha1 key exchange algorithm  using the KexAlgorithms option:

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 aimsadm@10.10.143.82

B) Enable SHA1 on ssh_config by adding KexAlgorithms +diffie-hellman-group1-sha1 at the end of the ssh_config file.

sudo nano /etc/ssh/ssh_config

Screen Shot 2017-05-22 at 11.26.05 AM

Hope this information will help 🙂

Reference link:-

https://www.openssh.com/legacy.html

← Previous

Leave a Reply

Your email address will not be published. Required fields are marked *