Mac OS High Sierra no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

If you’ve tried to SSH to something after upgrading to Mac OS High Sierra and gotten this message:

Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

follow these steps to fix it.

  • Open terminal
  • Enter “sudo vi /etc/ssh/ssh_config”

  • Search for “MACs hmac-md5,hmac-sha1,umac-64” by pressing the “/” key and pasting “MACs hmac-md5,hmac-sha1,umac-64”
    • No quotes
    • Hit enter
  • Hit the “i” key to enter insert mode and remove the “#” to uncomment the line.
  • Press the “esc” key to exit insert mode

  • Now search for “Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc” by pressing the “/” key and pasting “Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc”
  • Press enter

  • Hit the “i” key to enter insert mode and remove the “#” to uncomment the line.
  • Press the “esc” key to exit insert mode

  • Go to the bottom of the file and paste in:

HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1

  • Finally, save and exit by typing “:wq”
    • No quotes
  • Press enter

  • All set!
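
A narrower variant of the same fix, as an added example that is not part of the original post: the edits above change /etc/ssh/ssh_config, so the legacy algorithms apply to every server you connect to, while a Host block in ~/.ssh/config limits them to the one device that needs them. The alias legacy-switch and the address 192.0.2.10 are placeholders for your own device.

```sshconfig
# ~/.ssh/config  (per-user file, read before /etc/ssh/ssh_config)
# Placeholder alias and address: substitute the old device's details.
# Keep this block above any "Host *" block, because ssh uses the first
# value it finds for each option.
Host legacy-switch
    HostName 192.0.2.10

    # "+" appends to the client's default list instead of replacing it,
    # so a modern key exchange is still preferred when the server has one.
    KexAlgorithms +diffie-hellman-group1-sha1

    # The global line "HostkeyAlgorithms ssh-dss,ssh-rsa" has no "+", so it
    # replaces the default list for all hosts. Appending ssh-dss here
    # leaves the default host key types in place for everything else.
    HostKeyAlgorithms +ssh-dss

    # The post also enables CBC ciphers and older MACs by uncommenting the
    # global Ciphers and MACs lines; scoped here the same way. Drop these
    # two lines if the connection works without them.
    Ciphers +aes128-cbc,3des-cbc
    MACs +hmac-md5
```

Connect with “ssh legacy-switch”; running “ssh -G legacy-switch” prints the effective options for that host, so you can confirm the legacy algorithms appear there and not for other hosts.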

About Daniel Fredrick

Technology enthusiast, Programmer, Network Engineer CCIE# 17094


7 Comments on “Mac OS High Sierra no matching key exchange method found. Their offer: diffie-hellman-group1-sha1”

  1. Works again.. seems that every time I upgrade MAC osx lately I end up having to do this.. and my Sketchup keeps crashing as well…

    Sheeshhh

    1. Good to hear! I put this on my website because I have to do this about twice a year when there is a random OSX update that breaks my SSH for some older devices. Now I do not have to search for it. I have not heard of SketchUp before but it seems very powerful.

      Updates are a pain with Apple because they do not seem to honor previous security “bypasses”.

      Oh well, it's the price we pay for new things.
