SSH from Mac OS High Sierra to old SSH Servers

If you are trying to connect to older ssh servers or Mikrotik routers from Mac OS High Sierra you might encounter some of these error messages:

  • no matching host key type found. Their offer: ssh-dss
  • no matching cipher found. Their offer: aes192-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,3des-cbc
  • DH GEX group out of range

If you can't upgrade the router firmware (you really should do that first) then you can edit your client ssh config vim .ssh/config and add these lines:

Host foo.example.com
    HostKeyAlgorithms ssh-dss
    KexAlgorithms diffie-hellman-group1-sha1
    Ciphers +aes192-cbc
Cristian Livadaru

Cristian Livadaru