My latest MacOS X 10.12 release failed to ssh to network devices with the following error:
techkaki-MacBook-Pro:~ techkaki$ ssh email@example.com
Unable to negotiate with 10.10.178.243 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
For error message above show that the client and server were unable to agree on the key exchange algorithm.
As per checking on my Mac OS X, i noticed that my Mac OS X running on OpenSSH version 7.
techkaki-MacBook-Pro:~ techkaki$ ssh -V
OpenSSH_7.4p1, LibreSSL 2.5.0
According to openssh website, some of the older algorithms are not enabled by default on OpenSSH Version 7 and above.
A) To enable the diffie-hellman-group1-sha1 key exchange algorithm using the KexAlgorithms option:
ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 firstname.lastname@example.org
B) Enable SHA1 on ssh_config by adding KexAlgorithms +diffie-hellman-group1-sha1 at the end of the ssh_config file.
sudo nano /etc/ssh/ssh_config
Hope this information will help 🙂
I believe everyone know that Fortigate Firewall can be reset to Factory Defaults by using Web GUI or CLI interface. In the event of you lost or you do not know the admin password for the fortigate unit, how to reset the Firewall unit? The only thing that you can do is to use maintainer account which have permission to do reset for super admin password or do firewall factory reset.
To do that, you will need:
- physical access the box
- Console cable
- Terminal software such as Putty.exe (Windows) or Terminal (MacOS)
- Serial number of the FortiGate device
– Connect your laptop or computer to the Firewall via the Console port
– Launch your terminal software
– Reboot or Power Cycle the Firewall
– Wait for the Firewall name and login prompt to appear.
– Enter the Username as maintainer, password as bcpb with Firewall Serial no in UPPERCASE
There is a command line available in PFSense firewall to allow you to add firewall rules. In the event of locked out from firewall due to miss configuration of firewall rules, you may use command line “easyrule” to add firewall rules to let you get in to firewall again.
Below are the syntax and example of easyrule command:-
Syntax EasyRule function
easyrule pass/block <interface> <protocol> <source IP> <destination ip> [destination port]
easyrule pass wan tcp 0.0.0.0/0 192.168.0.1 80
easyrule pass wan icmp 126.96.36.199 192.168.0.1
easyrule block wan 188.8.131.52