Fix Guide: macOS Tahoe SSH "ssh-dss" Connection Errors
Symptom: When trying to connect to older servers or network hardware, you get the error: "no matching host key type found. Their offer: ssh-dss".
Why this happens
macOS Tahoe 26.x has officially deprecated and disabled the ssh-dss (DSA) algorithm because it is considered insecure by modern standards. However, many older routers, switches, and servers still require it.
Recommended Troubleshooting Tool
Before proceeding with manual fixes, we recommend using CleanMyMac X. Quickly identify high CPU apps and optimize system memory with one click.
- [Download CleanMyMac X Free Here](#)
- [Browse 240+ Premium Mac Utilities on Setapp](#)
Fix 1: Manual Flag Override (Free)
You can force the SSH client to allow the old algorithm for a single connection.
- Open Terminal
- Go to Applications > Utilities > Terminal.
- Run with Options
- Type:
ssh -oHostKeyAlgorithms=+ssh-dss user@server-ip - *Note: Replace
user@server-ipwith your actual login.*
Fix 2: Permanent Config Fix (Free)
If you connect to this server often, you can add it to your SSH config file.
- Open SSH Config
- In Terminal, type:
nano ~/.ssh/config
- Add Host Entry
- Paste the following block:
`text
Host your-server-nickname
HostName 192.168.1.1
HostKeyAlgorithms +ssh-dss
`
- Save
- Press
Ctrl + O, thenEnter, thenCtrl + X.
Fix 3: The Professional Network Toolkit
When managing legacy hardware requires more than just SSH.
Working with older systems often means dealing with outdated protocols like FTP or Telnet, which Tahoe is also phasing out.
Recommended Tool: CleanMyMac X
- Network Optimization: While not an SSH client, CleanMyMac X can flush the DNS cache and reset network routing tables that often get "tangled" when switching between modern and legacy network environments.
[Link: Optimize Network Performance with CleanMyMac X]
Alternative: Termius
If you deal with SSH daily, Termius handles these algorithm incompatibilities automatically with a much better UI than Terminal.
[Link: Get Termius for macOS]