Tuesday, November 23, 2021

SSH Secure Shell Login Failure with Diffie-Hellman - Fix

If you get the following error while trying to connect with SSH...

"Unable to negotiate with xx.xxx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha"


That error occurs because Diffie-Hellman, as offered by this server, is an older, less secure key exchange method.

Apple has removed it from macOS starting with macOS Mojave.


If the server you are trying to connect to cannot upgrade its key exchange method for some reason, you can add Diffie-Hellman back to macOS.


Here's how to do that:


Launch the Terminal app and enter the following command:

sudo nano /etc/ssh/ssh_config


Locate the line '#   MACs hmac-md5,hmac-sha1,hmac-sha2-256,umac-64@openssh.com,hmac-ripemd160' and remove the hash/pound sign from the beginning, and add the extra hashing algorithm that I've shown above in red.


Locate the line '#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc' and remove the hash/pound sign from the beginning.

Then paste the following at the end:

HostkeyAlgorithms ssh-dss,ssh-rsa

KexAlgorithms +diffie-hellman-group1-sha1


The modified text should look like this:


Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

HostkeyAlgorithms ssh-dss,ssh-rsa

KexAlgorithms +diffie-hellman-group1-sha1

MACs hmac-md5,hmac-sha1,hmac-sha2-256,umac-64@openssh.com



Now you should be able to connect with SSH.
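
The edit above goes into /etc/ssh/ssh_config, so it applies to every server this Mac connects to. As an added example (not part of the original post), the script below turns the error message into a Host block for ~/.ssh/config, which enables the legacy algorithm for that one server only. The function names, the sample error line and the preference order (1024-bit group1 and DSA last) are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn an OpenSSH "Unable to negotiate" error into a
# Host-scoped block for ~/.ssh/config instead of a system-wide change.

# Constructed sample error (192.0.2.10 is a documentation address).
SAMPLE_ERR='Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'

# Preference order is this example's assumption: weakest choice last.
KEX_PREF='diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1'
HOSTKEY_PREF='ssh-rsa ssh-dss'

# pick PREF OFFER: print the first name in the space-separated PREF that
# appears in the comma-separated OFFER; return 1 if none does.
pick() {
  for want in $1; do
    case ",$2," in *",$want,"*) printf '%s\n' "$want"; return 0 ;; esac
  done
  return 1
}

# legacy_host_block ERROR_LINE: print a Host block, or return 1 if the
# line is not a key exchange or host key negotiation failure.
legacy_host_block() {
  case $1 in
    'Unable to negotiate with '*' port '*'Their offer: '*) ;;
    *) return 1 ;;
  esac
  host=${1#'Unable to negotiate with '}
  host=${host%%' port '*}
  offer=${1##*'Their offer: '}
  case $1 in
    *'no matching key exchange method found'*)
      opt=KexAlgorithms; alg=$(pick "$KEX_PREF" "$offer") || return 1 ;;
    *'no matching host key type found'*)
      opt=HostKeyAlgorithms; alg=$(pick "$HOSTKEY_PREF" "$offer") || return 1 ;;
    *) return 1 ;;
  esac
  # The leading "+" appends to the client's defaults instead of replacing them.
  printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$alg"
}

legacy_host_block "$SAMPLE_ERR"
```

Paste the printed block into ~/.ssh/config; connections to other servers keep the default algorithm lists.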



Saturday, April 03, 2021

Telnet connection with Apple Silicon Macs

Telnet on Apple Silicon Macs sometimes would not connect to the server.

The symptom was just a blank screen, as if it were not trying to connect.
When verbose login was selected, you could see an error message that said, "Bad CPU Type".

Solution: Upgrade to MacWise 21.6 or later.


Telnet connection using VPN

Problem: Cannot get a login using MacWise with Telnet and a VPN connection.

Error might be, "Failed: Operation timed out"

or it might be "Sorry, you must SET LINE or SET HOST first"


The simple fix can be to set the VPN service order to the top of the list in Network Preferences.

Select System Preferences... from the Apple menu.

Then select Network.

Find your VPN in the list of networks in the left column and drag it to the top of the list.

That's it.

Now your VPN has first priority when making a connection to the internet and your telnet connection should work with MacWise.


Note that lots of things can cause a telnet connection to fail, but this is one you might never think of.