Friday, May 04, 2018

SSH Secure Shell Connections with MacWise and High Sierra

If you cannot connect to a host using secure shell (ssh) with MacWise, it could be a problem with High Sierra and ssh ciphers.
You may get a message similar to this when trying to connect to the host:

Unable to negotiate with xxx.xxx.xxx.xxx port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc

This is not a problem with MacWise. It is an issue with MacOS High Sierra 10.13.
You can get around this problem by specifying a cipher in the Secure Shell Connection settings in MacWise.

Select Secure Shell Connection... from the Connection Menu in MacWise.
Then enter a cipher by using the -c option in the Additional Login Options field.
For instance, -c aes256-cbc
That option would use the aes256-cbc cipher.

Currently, High Sierra supports these ciphers:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

You can verify this by opening the terminal app and entering
ssh -Q cipher

Your host may not support all of the ciphers that High Sierra supports.
So, when you connect to the host and it responds with "no matching cipher found", you can look at the list of ciphers that it offers and use one of those that High Sierra also supports.
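
The selection step described above can be scripted. This is an added example, not part of the original post or of MacWise: it reads the "Their offer:" list out of the error text and returns the first cipher that is also in the High Sierra list from this page. The function name pick_cipher and the preference order (chacha20/GCM, then CTR, then CBC) are assumptions of the example.

```shell
#!/bin/sh
# Ciphers this page lists for High Sierra, reordered so that AEAD and CTR
# modes are tried before CBC (the ordering is this example's assumption).
CLIENT_CIPHERS="chacha20-poly1305@openssh.com aes256-gcm@openssh.com
aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctr aes256-cbc aes192-cbc
aes128-cbc 3des-cbc rijndael-cbc@lysator.liu.se"

# pick_cipher "<ssh error text>" ["<client cipher list>"]
# Prints the first client cipher that the host also offers.
# Returns 1 if the text has no "Their offer:" list or nothing matches.
# On a real machine the second argument could be "$(ssh -Q cipher)",
# but that output is not sorted by strength.
pick_cipher() {
    err=$1
    client=${2:-$CLIENT_CIPHERS}
    # Join wrapped lines, keep what follows "Their offer:", split on commas.
    offer=$(printf '%s\n' "$err" | tr '\n' ' ' |
        sed -n 's/.*Their offer:[[:space:]]*//p' | tr ',' ' ')
    [ -n "$offer" ] || return 1
    for c in $client; do
        for o in $offer; do
            # Names must match exactly: rijndael-cbc in the offer is not
            # the same string as rijndael-cbc@lysator.liu.se.
            if [ "$c" = "$o" ]; then
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    return 1
}

# The error message quoted on this page, including its line wrap.
SAMPLE_ERR='Unable to negotiate with xxx.xxx.xxx.xxx port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc'

if cipher=$(pick_cipher "$SAMPLE_ERR"); then
    echo "Additional Login Options: -c $cipher"
else
    echo "No cipher in common with this host"
fi
```

For the host in the error message above, the only ciphers in common are CBC ones, so the script arrives at the same -c aes256-cbc option used as the example earlier.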