MacOS – OSX 10.11 enable ssh diffie-hellman-group1-sha1

macos ssh

Since we updated our Mac from 10.10 to 10.11, our Tomcat can't connect anymore, with the error:

[SSH] Exception:Algorithm negotiation fail

This answer shows that we have to enable diffie-hellman-group1-sha1 again:
https://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins

I tried

sudo vi /private/etc/ssh/sshd_config

and added a line, because there was no line starting with "Ciphers":

Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openss.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,diffie-hellman-group1-sha1

but after restarting the daemon

sudo launchctl stop com.openssh.sshd; sudo launchctl start com.openssh.sshd;

I can't connect at all.

Best Answer

  • This answer shows that we have to enable diffie-hellman-group1-sha1 again: https://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins

    diffie-hellman-group1-sha1 is not a cipher, but a key exchange algorithm. You need to allow it, such as:

    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    

    The line Ciphers [...] diffie-hellman-group1-sha1 is invalid and it prevents your server from starting.
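
The mix-up described in the answer (a key exchange name placed under Ciphers) can be caught before the daemon is restarted. The script below is an added example, not part of the original question or answer: the function names and the two name tables are assumptions built from the algorithm names on this page, and on a real host the tables would come from `ssh -Q cipher` and `ssh -Q kex`.

```shell
#!/bin/sh
# Added example (not from the original post): flag names under the wrong keyword.
# The two tables are constructed from the names on this page; on a real host
# build them from `ssh -Q cipher` and `ssh -Q kex`.
KNOWN_CIPHERS="chacha20-poly1305@openssh.com aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-cbc aes192-cbc aes256-cbc"
KNOWN_KEX="curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1"

# in_list NAME LIST: succeed if NAME is one of the space-separated words in LIST.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# lint_sshd_algos: read sshd_config text on stdin, print one finding per bad
# name, and return the number of findings (0 means both lists are clean).
lint_sshd_algos() {
    bad=0
    while read -r key value || [ -n "$key" ]; do
        # sshd_config keywords are case-insensitive
        case "$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')" in
            ciphers)       good=$KNOWN_CIPHERS; other=$KNOWN_KEX; hint=KexAlgorithms ;;
            kexalgorithms) good=$KNOWN_KEX; other=$KNOWN_CIPHERS; hint=Ciphers ;;
            *) continue ;;   # comments, blank lines, unrelated keywords
        esac
        old_ifs=$IFS; IFS=,
        for name in $value; do
            if in_list "$name" "$good"; then continue; fi
            bad=$((bad + 1))
            if in_list "$name" "$other"; then
                echo "$key: '$name' belongs under $hint"
            else
                echo "$key: '$name' is not in the known-name table"
            fi
        done
        IFS=$old_ifs
    done
    return "$bad"
}

# Constructed sample: a shortened form of the question's line plus a valid Kex line.
sample_config() {
    printf '%s\n' \
        'Ciphers aes128-ctr,aes256-ctr,diffie-hellman-group1-sha1' \
        'KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
}

sample_config | lint_sshd_algos || echo "findings: $?"
```

On the server itself, `sshd -t` checks the edited file for validity before the daemon is restarted. diffie-hellman-group1-sha1 uses a fixed 1024-bit group, so re-enable it only for as long as the legacy client needs it.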
