macOS Sierra SSH Client

If you’ve upgraded to macOS Sierra you may have seen the following error message when attempting to use the builtin in SSH client to connect to certain SSH servers:

Mac:~ user$ ssh admin@10.10.0.40
Unable to negotiate with 10.0.0.1 port 22: no matching host key type found. Their offer: ssh-rsa

This issue is caused by a change introduced by the version of OpenSSH (version 7.2) that is included with macOS Sierra. In OpenSSH version 7.x certain older security algorithms are disabled by default which generates the error message above. The fix is to either update the SSH server settings or simply change the configuration on your computer to allow the less secure algorithms by editing /etc/ssh/ssh_config and adding the following two lines to the end:

HostkeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Thanks to http://goodbyecli.com/macos-sierra-beta for a quick write up on this!

After you save this file all should be well. I would recommend you research how to correct the underlying configuration the SSH server as more security is usually a good thing 🙂