OSX 10.11 Bad SSH2 KexAlgorithms '+diffie-hellman-group1-sha1'
17,726
This feature (the + sign) is supported from openssh 7.0:
If you need to use this specific algorithm, you need to specify it directly in ~/.ssh/config, such as
KexAlgorithms diffie-hellman-group1-sha1
Related videos on Youtube
01 : 02
SOLVED - HOW TO FIX - "This Item Is Temporarily Unavailable"
09 : 53
OS X El Capitan Won't Install! Why? - Krazy Ken's Tech Misadventures
06 : 00
Solucionar problemas Wifi Mac OS X El Capitan 10 11
05 : 55
Fix Wi Fi problems in Mac OS X El Capitan 10 11
02 : 36
How To: Enable TRIM in Mac OSX
19 : 20
История macOS. Записки Хакинтошника. От 10.1 Puma до 10.14 Mojave
06 : 06
Apple OS X El Capitan: What's New?
05 : 56
SDLMAME in Mac OS X el capitan.
Author by
Community
Updated on September 18, 2022Comments
-
Community over 1 year
I have updated my
/etc/ssh/sshd_configfile based on the answers provided here - OSX 10.11 enable ssh diffie-hellman-group1-sha1
https://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins# Ciphers and keying Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] #RekeyLimit default none KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1And restarted the SSHD daemeon using these commands:
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plistBut still I am getting the same error:
id$ git clone ssh://<user>@<host>:<port>/<repo> Cloning into 'xxxxx'... Unsupported KEX algorithm "+diffie-hellman-group1-sha1" /Users/<user>/.ssh/config line 2: Bad SSH2 KexAlgorithms '+diffie-hellman-group1-sha1'. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.I am on OpenSSH_6.9p1, LibreSSL 2.1.8.
Any help here would be much appreciated.
-
Castaglia about 8 yearsFrom the error message, it looks like you might also want to double-check the contents of the/Users/<user>/.ssh/configclient config file; I suspect that the culprit may lie there, not in the server-side config files.
-
-
tuk0z over 6 years
Bad SSH2 KexAlgorithms '+here because OpenSSH previous v7 does not "understand" the '+diffie-hellman-group1-sha1' syntax you used. I have that too with a Debian Jessie server. You can cure this by listing your server supported ciphers withssh -Q cipher, copy/paste the result insshd_config, then adding your wanted cipher. E.gCiphers [email protected], (...),diffie-hellman-group1-sha1. Note I've put no "+". -
Jakuje over 6 yearsthat is precisely what I wrote in this answer.
-
tuk0z over 6 yearsYou pint pointed cause of OP's issue ; I explain how to cure it on the server side.
-
Jakuje over 6 years@tuk0z The
ssh -Q cipherlists client supported ciphers. Thediffie-hellman-group1-sha1is not a cipher, but key exchange algorithm. Doing as you wrote, would prevent your sshd server from starting, because it is invalid value forciphers. -
tuk0z about 6 yearsYes. So with OpenSSH previous v7 we need to add any supported Key exchange algorithm using the old syntax, e.g.
KexAlgorithms [default Kex],diffie-hellman-group1-sha1that is without the+in /etc/ssh/sshd_config. My bad for mixing Cipher and Kex in my previous comment and thank you @jakuje for noticing!
