When attempting to SSH into an older server using macOS, you may receive a ssh error message that reads something like:
Unable to negotiate with 184.108.40.206 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
For a successful connection, OpenSSH must have at least one mutually-supported choice for each parameter. If the client and server fail to agree on a mutual set of parameters then the connection will fail. In this case, the client and server were unable to agree on the key exchange algorithm. The server offered diffie-hellman-group1-sha1 which is supported by OpenSSH but no longer enabled by default. It is considered weak and within theoretical range of the Logjam attack.
There are a couple ways to resolve this...
Reattempt your SSH connection, adding the following to your command line:
ie. ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 firstname.lastname@example.org
Alternatively, you can follow these steps to make the option permanent...
Open a new Terminal window.
Type sudo nano ~/.ssh/config, then enter your administrative password if prompted.
Add the following lines to the config file, replacing 220.127.116.11 with the IP of the server you are connecting to.
Press Control+X to exit. Input Y when asked to ask save modified buffer.
Hit Return to confirm the file name to write.
Now you can SSH into your server as normal.