The OpenSSH team has a habit of turning off ciphers/features every few releases. The rationale behind this decision is open to debate (this breaks compatibility with Cisco switches, for example), but so far they are only disabling by default rather than removing.
So long as it’s just disabled, it’s easy enough to re-enable. Here’s what to tweak when trying to connect a MacSSH client to an OpenSSH server:
- Add this to sshd_config on the server and bounce the process:
    Ciphers +aes256-cbc
    MACs +hmac-md5
    KexAlgorithms +diffie-hellman-group1-sha1
- Create a profile for the server in MacSSH. You’ll want to turn compression completely off (it defaults to zlib).
- If you’re using public key authentication, you must export the public key from MacSSH and run it through ssh-keygen thusly:
    ssh-keygen -f "${PUBLIC_KEY_FILE}" -i >> ~/.ssh/authorized_keys
That should do it. At some point I may hack a more current version of lsh into MacSSH to add new ciphers into the suite, but this works for now.
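One way to confirm the sshd_config change took effect after the restart, as an added example that is not part of the original post: `sshd -T` prints the effective server configuration, and the function below checks that output for the three algorithms. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that sshd's effective configuration offers the three
# legacy algorithms from the sshd_config lines above.
# Real use (as root on the server):  sshd -T | check_legacy_algos

# "keyword:algorithm" pairs; keywords are lowercase, as sshd -T prints them.
REQUIRED="ciphers:aes256-cbc macs:hmac-md5 kexalgorithms:diffie-hellman-group1-sha1"

# Reads `sshd -T` style output on stdin, prints one line per requirement,
# and returns 0 only if every algorithm is present.
check_legacy_algos() {
    dump=$(cat)
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%:*}
        algo=${pair#*:}
        # Each line is "keyword value"; algorithm lists are comma-separated.
        list=$(printf '%s\n' "$dump" |
            awk -v k="$key" 'tolower($1) == k { print $2; exit }')
        # Match whole list entries only, so hmac-md5-etm@openssh.com
        # is not mistaken for hmac-md5.
        case ",$list," in
            *",$algo,"*) echo "ok      $key $algo" ;;
            *)           echo "MISSING $key $algo"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_DEFAULT='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
macs hmac-sha2-256,hmac-sha2-512
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256'

SAMPLE_TWEAKED='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes256-cbc
macs hmac-sha2-256,hmac-sha2-512,hmac-md5
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1'
```

A `MISSING` line after the restart usually means the edit went into a file sshd is not reading or the daemon was not actually restarted.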