
MacOS Sierra: Unable to negotiate with IP X.X.X.X port 22 no matching host key type found. Their offer: ssh-dss

May 22, 2017 by @HKw@! | No Comments | Filed in centos, Linux, Mac OS X

Issue

My latest MacOS X 10.12 release failed to ssh to network devices with the following error:

techkaki-MacBook-Pro:~ techkaki$ ssh root@10.10.10.243
Unable to negotiate with 10.10.10.243 port 22: no matching host key type found. Their offer: ssh-dss

Root Cause

OpenSSH version 7 and above disables DSA keys by default.

Solution

A) Enable the ssh-dss (DSA) host key algorithm using the HostKeyAlgorithms option:

ssh -o HostKeyAlgorithms=+ssh-dss aimsadm@10.10.10.82

B) Enable ssh-dss (DSA) in ssh_config by adding HostKeyAlgorithms +ssh-dss at the end of the ssh_config file.

sudo nano /etc/ssh/ssh_config


Hope this information will help 🙂

Reference link:-

https://www.openssh.com/legacy.html

macOS Sierra – Error on SSH “no matching key exchange method found. Their offer: diffie-hellman-group1-sha1”

May 22, 2017 by @HKw@! | No Comments | Filed in centos, Linux, Mac OS X, Open Source

Issue

My latest MacOS X 10.12 release failed to ssh to network devices with the following error:

techkaki-MacBook-Pro:~ techkaki$ ssh aimsadm@10.10.178.243
Unable to negotiate with 10.10.178.243 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Root Cause

The error message above shows that the client and server were unable to agree on the key exchange algorithm.

On checking my Mac OS X, I noticed that it is running OpenSSH version 7.

techkaki-MacBook-Pro:~ techkaki$ ssh -V
OpenSSH_7.4p1, LibreSSL 2.5.0

According to the OpenSSH website, some of the older algorithms are not enabled by default in OpenSSH version 7 and above.

Solution

A) Enable the diffie-hellman-group1-sha1 key exchange algorithm using the KexAlgorithms option:

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 aimsadm@10.10.143.82

B) Enable the algorithm in ssh_config by adding KexAlgorithms +diffie-hellman-group1-sha1 at the end of the ssh_config file.

sudo nano /etc/ssh/ssh_config
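Added example, not part of the original posts: both fixes (HostKeyAlgorithms for ssh-dss and KexAlgorithms for diffie-hellman-group1-sha1) can be scoped to the one device that needs them with a Host block in ~/.ssh/config, instead of a line at the end of the global ssh_config that applies to every server. The helper name legacy_stanza is hypothetical, and it assumes the error text has the format quoted in the two posts.

```shell
#!/bin/sh
# Added example: turn an OpenSSH "Unable to negotiate" error into a per-host
# ssh_config stanza, so the legacy algorithm is enabled for that device only.

# legacy_stanza ERROR_LINE   (hypothetical helper name)
# Prints a Host block for ~/.ssh/config; returns 1 if the line is not recognised.
legacy_stanza() {
    line=$1
    # Peer address: "Unable to negotiate with <host> port <n>: ..."
    host=$(printf '%s\n' "$line" |
        sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*: .*/\1/p')
    # Server offer: a comma-separated algorithm list after "Their offer: ".
    offer=$(printf '%s\n' "$line" |
        sed -n 's/.*Their offer: \([A-Za-z0-9@.,_-]*\).*/\1/p')
    [ -n "$host" ] && [ -n "$offer" ] || return 1

    # Pick the option that matches the negotiation step that failed.
    case $line in
        *"no matching host key type found"*)       option=HostKeyAlgorithms ;;
        *"no matching key exchange method found"*) option=KexAlgorithms ;;
        *) return 1 ;;
    esac

    # "+" appends to the client's defaults instead of replacing them.
    # Review the offered list before pasting: every name in it gets enabled.
    printf 'Host %s\n    %s +%s\n' "$host" "$option" "$offer"
}

# Constructed sample input: the two error lines quoted on this page.
ERR_DSS='Unable to negotiate with 10.10.10.243 port 22: no matching host key type found. Their offer: ssh-dss'
ERR_KEX='Unable to negotiate with 10.10.178.243 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'

legacy_stanza "$ERR_DSS"
legacy_stanza "$ERR_KEX"
```

Append the printed blocks to ~/.ssh/config; connections to other hosts keep the OpenSSH 7 defaults.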


Hope this information will help 🙂

Reference link:-

https://www.openssh.com/legacy.html

How to reset FortiGate Firewall to factory default setting without Admin Password

October 18, 2016 by @HKw@! | 3 Comments | Filed in Fortinet, Uncategorized

I believe everyone knows that a FortiGate firewall can be reset to factory defaults using the web GUI or the CLI. If you have lost or do not know the admin password for the FortiGate unit, how do you reset the firewall? The only thing you can do is use the maintainer account, which has permission to reset the super admin password or perform a factory reset of the firewall.

To do that, you will need:

  • Physical access to the box
  • Console cable
  • Terminal software such as Putty.exe (Windows) or Terminal (MacOS)
  • Serial number of the FortiGate device

Steps:-

– Connect your laptop or computer to the Firewall via the Console port
– Launch your terminal software
– Reboot or Power Cycle the Firewall
– Wait for the Firewall name and login prompt to appear.
– Enter the username as maintainer and the password as bcpb with the firewall serial number in UPPERCASE
