macOS Sierra – Error on SSH “no matching key exchange method found. Their offer: diffie-hellman-group1-sha1”

Posted on by
1

Issue

My latest MacOS X 10.12 release failed to ssh to network devices with the following error:

techkaki-MacBook-Pro:~ techkaki$ ssh aimsadm@10.10.178.243
Unable to negotiate with 10.10.178.243 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Root Cause

For error message above show that the client and server were unable to agree on the key exchange algorithm.

As per checking on my Mac OS X, i noticed that my Mac OS X running on OpenSSH version 7.

techkaki-MacBook-Pro:~ techkaki$ ssh -V
OpenSSH_7.4p1, LibreSSL 2.5.0

According to openssh website, some of the older algorithms are not enabled by default on OpenSSH Version 7 and above.

Solution

A) To enable the diffie-hellman-group1-sha1 key exchange algorithm  using the KexAlgorithms option:

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 aimsadm@10.10.143.82

B) Enable SHA1 on ssh_config by adding KexAlgorithms +diffie-hellman-group1-sha1 at the end of the ssh_config file.

sudo nano /etc/ssh/ssh_config

Screen Shot 2017-05-22 at 11.26.05 AM

Hope this information will help 🙂

Reference link:-

https://www.openssh.com/legacy.html

How to reset FortiGate Firewall to factory default setting without Admin Password

Posted on by
8

fortinetI believe everyone know that Fortigate Firewall can be reset to Factory Defaults by using Web GUI or CLI interface. In the event of you lost or you do not know the admin password for the fortigate unit, how to reset the Firewall unit? The only thing that you can do is to use maintainer account which have permission to do reset for super admin password or do firewall factory reset.

To do that, you will need:

  • physical access the box
  • Console cable
  • Terminal software such as Putty.exe (Windows) or Terminal (MacOS)
  • Serial number of the FortiGate device

Steps:-

– Connect your laptop or computer to the Firewall via the Console port
– Launch your terminal software
– Reboot or Power Cycle the Firewall
– Wait for the Firewall name and login prompt to appear.
– Enter the Username as maintainer, password as bcpb with Firewall Serial no in UPPERCASE

Continue reading

PFSense: How to add firewall rule at the command line?

Posted on by
1

There is a command line available in PFSense firewall to allow you to add firewall rules. In the event of  locked out from firewall due to miss configuration of firewall rules, you may use command line “easyrule” to add firewall rules to let you get in to firewall again.

Below are the syntax and example of easyrule command:-

Syntax EasyRule function

easyrule pass/block <interface> <protocol> <source IP> <destination ip> [destination port]

Example:

easyrule pass wan tcp 0.0.0.0/0 192.168.0.1 80
easyrule pass wan icmp 1.1.1.1 192.168.0.1
easyrule block wan 1.1.1.1