
ssh error no matching cipher found trying to connect

I am running macOS 10.13.2. I connect via the Terminal app with ssh to a non-Mac system and am getting this error message:


ssh USERNAME@X.X.X.X

Unable to negotiate with X.X.X.X port 22: no matching cipher found. Their offer: aes128-cbc,blowfish-cbc,3des-cbc


I don't know how long this has been broken as I don't connect to this server often. I would have thought it would work, since the /etc/ssh/ssh_config file has this for the defaults:


# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc


I don't have ciphers defined in my ~/.ssh/config file, so it should just be using the defaults.


Thanks,

Mac

Posted on Jan 9, 2018 12:06 PM

Question marked as Top-ranking reply

Jan 17, 2018 2:10 AM in response to mcollins026

An old Solaris system?


The default ciphers in your Mac SSH client are not the entire list of ciphers supported. 'ssh -Q ciphers' will list available ciphers on your Mac. Add "Ciphers +3des-cbc" (or any cipher you have in common) to ~/.ssh/config (or /etc/ssh/ssh_config) and it will work.


Diffie-Hellman keys are just problematic. Use RSA 2048 bit.
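
An added example, not part of any post in this thread: a shell sketch that reads the server's offer out of the "no matching cipher found" error, intersects it with the client's supported ciphers, and prints a Host block so the legacy cipher is enabled for that one server instead of every connection. The function names, the `legacy-host` alias and the shortened supported list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample values are constructed.

# Pull the server's comma-separated cipher offer out of the ssh error line.
server_offer() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching cipher found\. Their offer: *//p'
}

# Print, in the server's order, the offered ciphers that also appear in the
# client's supported list ($2: one name per line, as `ssh -Q cipher` prints).
# The body is a subshell so the IFS change does not leak to the caller.
common_ciphers() (
    offer=$(server_offer "$1")
    out=
    IFS=,
    for c in $offer; do
        if printf '%s\n' "$2" | grep -qxF -- "$c"; then
            out="${out:+$out,}$c"
        fi
    done
    printf '%s\n' "$out"
)

# Emit a Host block so the legacy cipher is enabled for this server only.
# "legacy-host" below is a hypothetical alias; use the real host name or IP.
host_stanza() {
    [ -n "$2" ] || { echo "no cipher in common with $1" >&2; return 1; }
    printf 'Host %s\n    Ciphers +%s\n' "$1" "$2"
}

# Constructed sample: the error text from the question, and a shortened
# list standing in for real `ssh -Q cipher` output.
SAMPLE_ERR='Unable to negotiate with X.X.X.X port 22: no matching cipher found. Their offer: aes128-cbc,blowfish-cbc,3des-cbc'
SAMPLE_SUPPORTED='3des-cbc
aes128-cbc
aes128-ctr
aes256-ctr
chacha20-poly1305@openssh.com'

# On a real client: common_ciphers "$err" "$(ssh -Q cipher)"
host_stanza legacy-host "$(common_ciphers "$SAMPLE_ERR" "$SAMPLE_SUPPORTED")"
```

The printed block can be appended to ~/.ssh/config. The script only handles the cipher message; a key-exchange error such as "DH GEX group out of range" contains no cipher offer and produces no stanza.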

Jan 10, 2018 1:22 PM in response to BerlinJS

Well, that does change the error message, but still doesn't connect.


According to the comments at the top of the ssh_config file:


# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.


the commented lines in it are just a listing of the defaults. They aren't commented out, because they aren't in use. So, uncommenting them really shouldn't change the defaults being used; however, I tried it anyway, and I did get a different error this time:


$ ssh USERNAME@X.X.X.X

ssh_dispatch_run_fatal: Connection to 10.2.47.23 port 22: DH GEX group out of range



So, any other ideas out there?


Thanks,

Mac
