SSH not working when connecting to a Cisco on new Sierra update.

I keep getting this error:


Unable to negotiate with *.*.*.* port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1


Does anyone know the workaround?

MacBook Pro, iOS 10, SSH

Posted on Oct 8, 2016 11:16 AM

1 reply

Oct 8, 2016 11:08 PM in response to smonger86

macOS Sierra is rejecting that cipher type because it is very weak (see Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice).


While definitely not recommended, you can downgrade your security to still use it by either:


1) Enabling the diffie-hellman-group1-sha1 key exchange algorithm using the KexAlgorithms option - either on the command line thus:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost


or in the ~/.ssh/config file thus:

Host somehost.example.org
    KexAlgorithms +diffie-hellman-group1-sha1
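A check that the downgrade described in the reply above stays confined to the named legacy host, as an added example that is not part of the original post. The function name `audit_weak_kex`, the SCOPED/BROAD labels and the sample host names are assumptions made for illustration; `Match` criteria are not evaluated and are flagged for review.

```shell
#!/bin/sh
# Constructed sample ~/.ssh/config; every host name below is made up.
sample_config() {
    cat <<'EOF'
Host legacy-switch.example.net
    KexAlgorithms +diffie-hellman-group1-sha1

Host *.lab.example.net
    KexAlgorithms +diffie-hellman-group1-sha1

Host build.example.net
    KexAlgorithms curve25519-sha256

Host *
    KexAlgorithms -diffie-hellman-group1-sha1
EOF
}

# audit_weak_kex FILE   (FILE may be "-" for stdin)
# Prints "SCOPED <patterns>" when group1 is enabled for named hosts only and
# "BROAD  <scope>" when it is enabled globally, under a wildcard Host, or in
# a Match block (Match criteria are not evaluated, so they are flagged).
# Exit status is 1 if any BROAD entry was found, otherwise 0.
audit_weak_kex() {
    awk '
        BEGIN { scope = "(global)"; broad = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop indentation
            if (line == "" || line ~ /^#/) next  # blank line or comment
            if (!match(line, /[ \t=]+/)) next    # keyword without argument
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            if (key == "host")  { scope = val; next }
            if (key == "match") { scope = "Match " val; next }
            if (key != "kexalgorithms") next
            # A leading "-" removes algorithms from the default set.
            if (val !~ /diffie-hellman-group1-sha1/ || val ~ /^-/) next
            if (scope == "(global)" || scope ~ /^Match / || scope ~ /[*?]/) {
                print "BROAD  " scope; broad = 1
            } else {
                print "SCOPED " scope
            }
        }
        END { exit broad }
    ' "$1"
}

sample_config | audit_weak_kex - || echo "group1 enabled beyond named hosts"
```

Run it against a real file with `audit_weak_kex ~/.ssh/config`; a non-zero exit status means the weak key exchange is allowed for more than the specific legacy hosts.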
