There are two error messages you'll need to fix:
- Unable to negotiate with X.X.X.X port 22: no matching host key type found. Their offer: ssh-dss
- Corrupted MAC on input. Connection to X.X.X.X closed by remote host.
Both errors are fixed by modifying the SSH config file. The fix follows:
In Terminal, run: sudo nano /etc/ssh/ssh_config
Enter your password and hit Enter.
1. Scroll down until you see this line:
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
2. Delete the pound sign, which will un-comment that line and make it active.
3. Now scroll down to the bottom of the document and add this line:
HostkeyAlgorithms ssh-dss
4. Hold Control and hit X to exit, hit Y to save, and Enter to apply.
That should do it!
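An added example, not part of the original post: a small shell audit that reads an ssh_config and reports lines that turn legacy algorithms on for every host, or that replace the default algorithm list instead of appending to it with `+`. The sample config and the host name `legacyhost` are constructed, and the set of algorithms treated as legacy is limited to ones named on this page.

```shell
#!/bin/sh
# Added example (not from the original post): flag ssh_config lines that
# re-enable legacy algorithms for all hosts or replace the default list.

# Constructed sample: the global lines from the post, then a host-scoped "+" variant.
sample_config() {
cat <<'EOF'
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
HostkeyAlgorithms ssh-dss
Host legacyhost
    HostKeyAlgorithms +ssh-dss
    KexAlgorithms +diffie-hellman-group1-sha1
EOF
}

# Reads an ssh_config on stdin; prints "line:scope:keyword:issue" per finding.
audit_ssh_config() {
awk '
BEGIN { scope = "global" }                     # options before any Host line
/^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
{
    line = $0
    sub(/^[ \t]+/, "", line)
    sub(/[ \t]+$/, "", line)
    if (match(line, /[ \t=]+/) == 0) next      # keyword/value separator
    key = tolower(substr(line, 1, RSTART - 1)) # keywords are case-insensitive
    val = substr(line, RSTART + RLENGTH)
    if (key == "host" || key == "match") {
        # "Host *" and "Match all" apply to every connection
        scope = (val == "*" || val == "all") ? "global" : val
        next
    }
    if (key !~ /^(hostkeyalgorithms|kexalgorithms|macs|pubkeyacceptedkeytypes)$/) next
    # Assumption: only the legacy names that appear on this page are checked
    if (val !~ /ssh-dss|diffie-hellman-group1-sha1|hmac-md5/) next
    if (scope == "global") print NR ":" scope ":" key ":applies-to-all-hosts"
    if (val !~ /^\+/)      print NR ":" scope ":" key ":replaces-default-list"
}'
}

sample_config | audit_ssh_config
```

To check a real file, run `audit_ssh_config < /etc/ssh/ssh_config`; `ssh -G hostname` prints the effective settings the client would use for one host.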
Hmm, this fix doesn't seem to work for me. I even rebooted (just in case...)
I was also getting "Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1"
Fixed by adding the HostKeyAlgorithms line and also a KexAlgorithms line:
HostkeyAlgorithms ssh-dss
KexAlgorithms diffie-hellman-group1-sha1
Hope that helps somebody who may stumble across this post while searching for the solution.
Helped me! Thanks!
This just saved me a ton of time and aggravation!!
Thanks
Helped me!
I needed ssh-rsa and KexAlgorithms diffie-hellman-group1-sha1
Thanks!
Had to do `HostkeyAlgorithms ssh-dss,ssh-rsa` but this worked for me
Also needed `HostkeyAlgorithms ssh-dss,ssh-rsa`
Just upgraded to Sierra last night - and SSH keys broken. Before I go changing keys on all my servers — I'd like a workaround.
Can't find much on the web. Your answer seemed clear - but doesn't seem to work.
Still getting Skipping ssh-dss key /Users/Jeff/.ssh/id_key - not in PubkeyAcceptedKeyTypes
I did
sudo nano /private/etc/ssh/sshd_config
added your lines above
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd
but no luck.
Any idea?
Sounds like your public key is DSA, which has been deprecated. You're right to need to update, but as the workaround I would try:
I would try this:
sudo nano /etc/ssh/ssh_config (notice, it's SSH_config, not SSHD_config)
add this to the bottom: PubkeyAcceptedKeyTypes ssh-dss
save and exit nano
Try to ssh again. You shouldn't need to restart the ssh daemon, changes should apply on exit of nano.
ssh -oHostKeyAlgorithms=+ssh-dss admin@
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
You are enabling old algorithms that have known vulnerabilities - www.openssh.com/legacy.html.
Thanks for the info!! I added each one and tested it. It was failing until I loaded all three lines with the ssh-rss part and now it works again!
I truly appreciate all of your hard work; however, you have to understand not everyone is a techie. I tried to follow the instructions but you should put things in more of a layman language and you will get more followers. In the end, after trying everything here, I simply reset the SMC and was good. That means for the non-technical, attach the power cord, shut down your Mac, hit shift+cntrl+option(alt)+power key at the same time until the power light blinks or changes color. Good luck!
BTW ... the upgrade with this small solution fixed all of my latency or lagging issues. Wish all the creatives the best!
I was frustrated out of my head until I figured it out finally!!! Really Apple???
Thanks for the solution. Works great.
Thanks for this, real help.
Had to add both, HostkeyAlgorithms ssh-dss,ssh-rsa & KexAlgorithms diffie-hellman-group1-sha1
It's working: I added:
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms diffie-hellman-group1-sha1
Hi Chris
Even if you decide to use a systemwide configuration file, you really SHOULD use the option HostkeyAlgorithms +ssh-dss. This ALSO enables a login using the inferior DSS encryption algorithm. Your line without the '+' will ONLY allow the use of this inferior / insecure method of encryption, even when RSA actually is available and could be used. Hence, your original approach drills a security hole which you should fix in your text above.
Thank-you!!! I have searched all over the internet for this fix! Why is this solution not more apparent (i.e. on Apple.support.com for instance) when googling "Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-dss" ?!?!?!