macOS – no matching key exchange method found. Their offer: diffie-hellman-group1-sha1


Problem

Are you getting this error message when connecting to a SSH Server from your MACOS?

Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Solution

Since the upgrade of El Capitan (10.11) to Sierra (10.12), MAC OS has upgraded their OpenSSH version from 6.9 to 7.2. This change deprecated a number of algorithms by default. This included diffie-hellman-group1-sha1 which is used on most Cisco routers, firewalls and switches.

In order to enable legacy support, perform the following.

  1. Edit or create a new file
    vi ~/.ssh/config
  2. Put this entry in the file
    KexAlgorithms diffie-hellman-group1-sha1
Related Posts with Thumbnails

About the Author

Alfred Tong

Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT.

Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA – FWV