Cristian Livadaru's Blog

Cristian Livadaru's Blog

My personal view on things




SSH from Mac OS High Sierra to old SSH Servers

Change SSH client settings to enable SSH logins to older SSH servers or Mikrotik routers

Cristian LivadaruCristian Livadaru

If you are trying to connect to older ssh servers or Mikrotik routers from Mac OS High Sierra you might encounter some of these error messages:

  • no matching host key type found. Their offer: ssh-dss
  • no matching cipher found. Their offer: aes192-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,3des-cbc
  • DH GEX group out of range

If you can't upgrade the router firmware (you really should do that first) then you can edit your client ssh config vim .ssh/config and add these lines:

    HostKeyAlgorithms ssh-dss
    KexAlgorithms diffie-hellman-group1-sha1
    Ciphers +aes192-cbc