macOS ssh error: unable to negotiate with IP: no matching cipher


Environment: MacOS mojava version 10.14

After updating the Mac OS, the following error occurs when you use SSH to push the code to the server.

ssh error: unable to negotiate with IP: no matching cipher found.Their offer: aes256-cbc,aes192-cbc,aes128-cbc… 

Unable to negotiate with XX.X.X.XXX port XX: no matching cipher found. Their offer: aes256-cbc,aes192-cbc,aes128-cbc
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The reason for the error is that the SSH version of the code warehouse server to be connected is too low, and the cipher of the client and the server do not match. We need to re enable the old cipher on our client (MAC after OS upgrade), so that we can re-establish the connection.

The specific steps are as follows:

Step 1: terminal enter sudo nano / etc / SSH / SSH_ config

atcs-air:~ XXX$ sudo nano /etc/ssh/ssh_config

Step 2: find ciphers, aes128 CTR, aes192 CTR, aes256 CTR, aes128 CBC, 3DES CBC, and delete the # number in front of this line.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected]
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p
#   RekeyLimit 1G 1h

Host *
        SendEnv LANG LC_*

Step 3: save SSH_ Config this file, exit. Then you can connect to the code warehouse server through SSH as before.

Reference link:……