How to Fix 'No Matching Key Exchange Method Found' on Mac

These are instructions on how to fix the 'no matching key exchange method found' error message when trying to SSH on Mac.

When attempting to SSH into an older server using macOS, you may receive a ssh error message that reads something like:

Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1



For a successful connection, OpenSSH must have at least one mutually-supported choice for each parameter. If the client and server fail to agree on a mutual set of parameters then the connection will fail. In this case, the client and server were unable to agree on the key exchange algorithm. The server offered diffie-hellman-group1-sha1 which is supported by OpenSSH but no longer enabled by default. It is considered weak and within theoretical range of the Logjam attack.

There are a couple ways to resolve this...

Easiest Solution

Step One

Reattempt your SSH connection, adding the following to your command line:
-oKexAlgorithms=+diffie-hellman-group1-sha1

ie. ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 username@123.123.123.123




Alternatively, you can follow these steps to make the option permanent...

Permanent Solution

Step One

Open a new Terminal window.

Step Two

Type sudo nano ~/.ssh/config, then enter your administrative password if prompted.

Step Three

Add the following lines to the config file, replacing 123.123.123.123 with the IP of the server you are connecting to.

Host 123.123.123.123
KexAlgorithms +diffie-hellman-group1-sha1

Step Four

Press Control+X to exit. Input Y when asked to ask save modified buffer.



Hit Return to confirm the file name to write.

Step Five

Now you can SSH into your server as normal.

ssh username@123.123.123.123