Davids-MacBook-Pro:~ dpasek$ ssh admin@192.168.4.253
Unable to negotiate with 192.168.4.253 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,
Solution ...
https://www.petenetlive.com/KB/Article/0001245
Unable to negotiate with 192.168.4.253 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,
https://www.petenetlive.com/KB/Article/0001245
Solution
This is not Apple’s fault, it’s OpenSSH version 7. SHA1 is weak, so support for it has been removed. Which is fine, but all my clients Cisco Firewalls/Routers/Switches are probably all using RSA/SHA1. So until they re all updated I’m going to need to re-enable SHA1.
Open a terminal windows and execute the following;
sudo nano /etc/ssh/ssh_config
ENTER YOUR PASSWORD
Locate the line ‘ # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160′ and remove the Hash/Pound sight from the beginning.
Locate the line ‘ # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc’ and remove the Hash/Pound sight from the beginning.
Then paste the following on the end;
HostkeyAlgorithms ssh-dss,ssh-rsaKexAlgorithms +diffie-hellman-group1-sha1
No comments:
Post a Comment