Tuesday, 29 December 2015

Running sshd on El Capitan and compatibility with older versions

To allow myself a login on my home Mac, I open a port on my firewall and allow ssh traffic in.  I use 'prompt' on the iPad and iPhone for ssh access as well as using ssh to start VNC when using 'teleport' to allow sharing go my screen.

This all seemed to break under El Capitain as ssh access via the port over the WAN connection no longer seemed to work.

After some investigation it seems to be the case of the ciphers used by ssh on El Capitan not being as compatible as they could have been with the ssh version on the iPad.

So I did the following:

sudo vi /etc/ssh/sshd_config
And added the following line to the end of the file as one line:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
I then could restart ssh on my new port and access it via the iPad/iPhone applications again.

According to the site itefix.net, this it may be related to the potentially incompatible changes introduced in OpenSSH 6.7 to remove unsafe algorithms.

No comments:

Post a Comment