SSH from Mac OS High Sierra to old SSH Servers

Posted by Cristian Livadaru on Monday, January 8, 2018

If you are trying to connect to older ssh servers or Mikrotik routers from Mac OS High Sierra you might encounter some of these error messages:

  • no matching host key type found. Their offer: ssh-dss
  • no matching cipher found. Their offer: aes192-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,3des-cbc
  • DH GEX group out of range

If you can’t upgrade the router firmware (you really should do that first) then you can edit your client ssh config vim .ssh/config and add these lines:

    HostKeyAlgorithms ssh-dss
    KexAlgorithms diffie-hellman-group1-sha1
    Ciphers +aes192-cbc