The Network Engineering Tool

The Network Engineering Tool (which I will now refer to as the netool) is the result of an Indiegogo campaign. I borrowed the unit I tested from the WLPC Lending Library. The netool is a portable, battery powered unit that when connected to an Ethernet port will provide you with information about that port, similar to a NetScout LinkSprinter (~$379), but at a much lower price point ($169). I did not really set out to make this a comparison against the LinkSprinter, but it somewhat turned out that way and I’m okay with that. It’s a natural comparison.

With the netool, you can connect it to an Ethernet port and it will provide you the following information via an app on your mobile device:

  • Connection up/down status
  • Speed of connection
  • DHCP Info
  • Public IP
  • VLAN (for tagged ports)
  • Detects LACP
  • STP Info
  • Can test QoS
  • Detect and authenticate using 802.1X
  • Switch information via CDP/LLDP
  • Verify reachability via ping for default gateway, google.com, and configurable addresses

It’s a pretty nifty tool. Here’s some screenshots of the diagnostic screen.

The netool can also provide an AP allowing direct connection to the device. It also has an interesting Host Discovery mode that can detect information from a host device (as opposed to a switch), however, I was unable to discover the macOS box I was using. This is a new feature in the latest build and I didn’t try very hard to make it work. It’s promising, though.

I was initially unable to get any useful data from the unit because it was on a very old firmware. It’s supposed to be able to update online, but the build was so old that wasn’t working. I had to power the device off and on, connect it to the network, and go to https://netool.io/updatenow/ to force a manual update. After this procedure, it worked well.

There are a few potential downsides to this device. First, it takes about 30s to start up. That’s just when you first turn it on, but you can continue to test multiple network drops without restarting it. If a network connection goes up or down, it takes several seconds to notice. This could be an annoying delay when troubleshooting. Being used to the LinkSprinter, both these delays are a minor, but real annoyance. The delay in detecting up/down changes is far more annoying than the delay in startup. Potentially the biggest downside vs the LinkSprinter, at least for the WLAN pro, is that it does not detect and report on PoE.

The ability to share results is limited to text based tools and there’s no database of results hosted in the cloud. It does have an on-board history, but that’s the only place it’s stored. Having some form of cloud based history is very convenient. Again, I have to draw a comparison here against the Link-Live service for the LinkSprinter. Link-Live allows multiple users and multiple units to be associated, allows photos and notes to be added, and can also send your results via email. It’s a much more enterprise-type solution. This is probably a bigger deal for larger shops than one-man operations, but it’s one of the things you get for the higher price point.

Lastly, the only way to get the information from the netool is through the app on your smartphone. The LinkSprinter has helpful LEDs to give you a quick thumbs up/down on a link, which can save you time. Again, how big a deal this is depends on your use case.

Conclusion

Despite the potential downsides I mentioned, this is still a slick device. It does do things the LinkSprinter cannot, such as provide STP info, detect LACP, and detect VLAN tags. LinkSprinter does a few things it cannot, like detect PoE. The netool has had many features added since it first was released and I presume they will continue to add new features. I think this could be a great addition for many an engineer’s toolkit, especially at its price point and given its potential for new features. If I can only carry one, I personally will continue to carry my LinkSprinter. It fits my needs better and I already own them. For a route/switch focussed engineer, I could see the netool being a better fit. Pick the tool that best fits your needs or just buy both to make sure your bases are covered. :)

FIN

What I’m Looking Forward to at Cisco Live 2017

I have arrived in Las Vegas for Cisco Live 2017. My schedule is pretty full and I wanted to share some of what I’m looking forward to this year. One thing I’m not looking forward to is 112F temperatures outside! I’m glad I’ll be safely inside the air conditioned spaces.

The Social Scene

I have a lot of friends here at Cisco Live. Many fellow attendees, some exhibitors, and even a few Cisco Live staff. It’s great to see everyone and catch up on what everyone has been up to. We talk about tech, analyze the announcements, and just generally geek out. We often talk about problems we are having and help each other solve them, too. It really adds to the conference when it’s not only highly educational, but also fun! The Tweet Up that happens on Sunday evening is always a great time of catching up and meeting new people, too.

CCDE Techtorial

I’ll be attending the CCDE techtorial, TECCCDE-3005. It should be an informative day all about network design and how to think about network design. I don’t know that I’ll actually actively pursue the CCDE certification, but I’m interested to see what I can learn from this session. This session will probably generate a lot of tweets!

On a related note, I’ll be taking a certification exam on Monday. Full conference attendees have the opportunity to take a certification exam at no charge, so I figured I may as well try out the CCDE written exam to see where I’m at. I don’t really expect to pass, but I am curious to see how I’ll do.

TFDx

Tech Field Day is running Tech Field Day Extra at Cisco Live on Tuesday and Wednesday. The sessions will be live streamed and recorded for later viewing. I’ll be busy on Tuesday, so I’ll have to watch Cisco’s presentations (starting at 8:30 Pacific) at a later date, but I’m one of the delegates for Wednesday’s presentations with OpenGear at 1PM, Paessler at 2:30, and NetApp at 4PM. I’m really looking forward to hearing what they all have to say and having the opportunity to talk with them during TFDx.

Meet the Engineer

Myself and a couple other Wi-Fi professionals have an hour to talk Wi-Fi with Jerome Henry. Jerome is a deep Wi-Fi expert, so I expect that this hour of discussion is going to go by really quick!

Sessions

There are over 1000 sessions to choose from. Making these choices is hard! Here’s a couple that I’m most interested in:

  • DNA Assurance: bring intelligence to your WLAN issues [BRKEWN-2032]
    Remember Jerome from the MTE session? He’s also an entertaining and informative teacher and this is one of his sessions. I’m still pretty vague on this DNA architecture, but if Jerome is giving a presentation on how DNA can help solve Wi-Fi problems, I need to see this.
  • APIC-EM: Controller based policy and network automation – changing the future [BRKARC-3004]
    I still haven’t played with APIC-EM, though I’ve seen a few demos in the past. It’s time to see what this thing can do and how I can apply it to managing my own environment.
  • IT Career Choice: Specialization vs Generalization [IITGEN-1002]
    This is a 30 minute panel discussion about the specialist vs generalist career decision with myself and two other Cisco Champions. It’s in the IoT Theater at 1PM on Tuesday. I hope those who attend find it interesting!
  • Cisco SD-Access Wireless Integration [BRKEWN-2020]
    SD-Access is brand new Campus Fabric stuff. It ties into the DNA architecture and I know nothing about it. This session should fix that!
  • Improve Enterprise WLAN Spectrum Quality with Cisco’s advanced RF capacities (RRM, CleanAir, ClientLink, etc) [BRKEWN-3010]
    Oddly, I don’t think I’ve ever been to this session before. It’s time to fix that and Cisco’s Jim Florwick is fantastic. Should learn a thing or two and will certainly have some existing knowledge reinforced.
  • Cisco Live Network and NOC: Panel Discussion [PNLNMS-1035]
    This is always a fascinating discussion. The people who run the network for Cisco Live talk about how they did, the successes and failures, and share some fascinating statistics about the network and the way it was used. I usually hit this session about every other year. It really is amazing that they are able to support 25k+ attendees by building a network in about less than a week that will only be used for a week.

So, those are the things I’m most looking forward to. I’m sure I’ll find the keynotes interesting and there’s always new things to see in the World of Solutions. I’m sure I’ll be surprised by some great unexpected things this week.

FIN

Updated WLC Snippet

Just a quick note to share my updated TextExpander snippet for downloading files to a Cisco WLC. I’ve added a dropdown for my most commonly used datatypes and transfer modes and made the username and password optional. Enjoy!

transfer download datatype %fillpopup:name=datatype:default=code:config:webadmincert:webauthbundle:webauthcert%
transfer download filename %fill%
transfer download path %fill:/%
transfer download serverip %fill%
transfer download mode %fillpopup:name=popup 7:tftp:default=sftp:ftp%
%fillpart%transfer download username %fill%
transfer download password %fill%%fillpartend%
%fillpart%transfer download certpassword %fill%%fillpartend%
transfer download start

Exploring Mesh with an AP-205H

After Wireless Field Day 8, Aruba, a Hewlett Packard Enterprise Company™, generously provided the delegates with a variety of hardware to take a look at. It was quite the spread and a very impressive sampling of products. One of the devices I particularly like is the AP-205H 802.11ac access point. The AP-205H is intended for both hospitality and remote worker deployments. It can be powered through PoE, has 4 Ethernet ports, and can even provide up to 10W of power to another PoE device. It can be wall mounted, ideally on a wall plate using the Ethernet port on the rear for uplink, or desk mounted with a stand.

I can see this unit being great in dorms, study rooms, and in hotels, however I decided to try something a bit different and turn it into a wireless bridge for my media devices. I have a home theater PC, a Roku, and a PS3 connected to the living room TV. The PC connects using a flaky 802.11ac USB adapter, the Roku has built-in 802.11n, and the PS3 only supports 802.11g. In my neighborhood, 2.4GHz is typically at 70% or more airtime usage, so performance leaves a bit to be desired. This would make moving everything to 5GHz a big win, as well. By moving all the devices to a mesh connected AP, we can reduce channel contention, move everything to 5GHz, and improve the overall network performance for all the devices. Also of important note, there is both an AP-205H and an AP-205. These have different form factors, so don’t forget the ‘H’! That said, you could also use the AP-205 to make a wireless bridge.

205 vs 205H

Given an existing IAP deployment, the first thing to do is add the AP-205H to the wired network so it can join the virtual controller. This did not work for me at first because the version of code on my VC was older than what the 205H required. I upgraded the firmware on both the 205H and the 225 I’m using as an uplink so they were on the same version. I had to upgrade them anyway, since the 802.11ac APs require 6.4.3.1-4.2.0.0 or later to support mesh operation. Worth noting is that Aruba Instant 4.1 and later default to having Extended SSID enabled, which will disable mesh operation. You may need to disable that feature to use mesh. This comes with the minor caveat that with Extended SSID disabled you are limited to creating six networks, but you weren’t going to do that, anyway.

Disabling Extended SSID

After all the settings are in order and the 205H joins the controller and synchronizes the VC configuration, switching to mesh operation is easy. Just disconnect the wired uplink and wait. After a couple minutes you’ll see that the AP has rejoined the controller using Wi-Fi for the uplink. However, there’s still a couple more changes to make before you connect wired devices to the mesh AP. If you connect a device to Ethernet ports 1-3 at this point, that device will obtain a controller provided IP address and may be stuck behind a nonexistent captive portal. If you connect a device to Ethernet 0, you’ll find the mesh is disabled since the AP will just believe the wired uplink has just returned.

To enable the Ethernet 0 port to be used as a downlink port, select the AP in the virtual controller and edit it. Under the Uplink tab, you want to enable “Eth0 bridging.” You may need to reboot the AP for this to take effect.

Enabling Eth0 Bridging

To make sure your wired ports are bridging to the wireless, you also need to configure the rules for wired ports. This is accessed in the VC under the More menu and selecting the Wired option.

Wired Settings

Now you can either create a new wired network profile or do what I did and just update the “default_wired_port_profile.” The correct settings are dependent on your environment and goals, but for this instance simplicity works fine. You also need to assign the wired ports to use the new/updated profile(s). Notice that the devices I have on my wired ports are listed in the Wired Users window.

Wired Profile Settings

Once your ports are set, you can edit your profiles to operate as you see fit. In the Wired Settings tab, make sure the ports are admin up and that the uplink setting is set to disabled.

Wired Settings

In the VLAN tab, make sure Client IP assignment is set to “Network assigned” unless you are using the VC’s internal DHCP server.

Client IP Assignment

Now you can connect wired clients to the AP’s Ethernet ports and they will connect to the network through the Wi-Fi uplink. In mesh mode, the AP will continue to provide service to wireless clients, so you can also extend coverage in this way.

I hope you find this a useful little guide. This was a fun little project to solve a small problem. It helped me learn a bit about mesh operation in an Instant deployment and challenged me to implement something I’d not done before. That’s a great way to learn new things. Just pick something you haven’t done before and do it!

FIN

Unofficial #WLPC Twitter Attendee List, PHX2017 Edition

It’s become a tradition here at Mostly Networks to run the unofficial Twitter attendee list for the US edition of the WLPC conference. I hope you find the list useful! It’s not updated real-time, but it will be updated at least daily as long as people keep adding themselves. A new addition this year is the airport code. This way you can see if anyone worth sharing a meal with is in the town you’ll be in for your next gig. :)

Fill out the form at the bottom of this page to be added (easiest for me), but you can also send a tweet to me at @scottm32768. You can add a note to share anything of interest to the attendees, like your CWNE status, podcast, that you work for a vendor, or that you really like tacos. The airport code is to help people find you if they end up in your neck of the woods. Obviously, the note and airport code are optional.

Note: This is for attendees. Sorry, if you aren’t attending I will not add you to the list.

[Last Update: 2017-02-21 06:54:42Z]

Name Twitter IATA Blog Notes
Keith Parsons @KeithRParsons SLC wlanpros.com Runs the WLPC Conferences!
Scott McDermott @scottm32768 SEA mostlynetworks.com Creator of this list and all around swell guy.
Alan @Papageordy
Brian Smith @elonsmitty BWI Human Pin Cushion
Adrian Granados @adriangranados MLB www.adriangranados.com Maker of WiFi Explorer
Luke Jenkins @wifiluke SLC wifiluke.com
Matthew Norwood @matthewnorwood BNA www.insearchoftech.com
Patrick Swackhammer @swackhap STL swacknet.net
Troy Martin @troymart YYC Forced by circumstance to be a WiFi Cowboy
Robert Boardman @Robb_404 SJC robb404.com Creator of HubHolster and all around nerd
Brennan Martin @CdnBeacon YXE blog.mroute.ca Part of the Canuck invasion
Anders Nilsson @herrnilsson2 UME Bringing Hälge the Swedish WiFi Moose
Blake K @blakekrone MSP blakekrone.com That guy that wears a tie
Stewart Goumans @WirelessStew YVR www.WirelessStew.com
Darrell DeRosia @Darrell_DeRosia MEM I did Wi-Fi before it was cool
Jacob Snyder @jsnyder81 BOI Transmitfailure.blogspot.com
Aaron Scott @wifidownunder SYD wifidownunder.com
Steve McKim @alfmckim YWG www.greatwhitewifi.com/blog How’s it goin, eh?
Ryan M. Adzima @radzima LAS Techvangelist.net The beard that doesn’t need a tie to impress.
Patrick Nefkens @Dutch_Fi AMS
Richard Steiner @Rick_WiFi_guy
Mitch Dickey @badger_fi CHO badger-fi.com
Joshua Williams @802dotMe OKC eight02.me I’m as old as Chili’s, but only half as salty.
Nigel Bowden @Wifinigel Wifinigel.com Typical Brit
Ronald van Kleunen @globeron BKK www.globeron.com CWSP Bootcamp. Wi-Fi profs are on Twitter
Scott Staapleton @scottpstapleton phasedcoexistence.blogspot.com ᚡ <– AP in the corner or a spiders web?
François Vergès @VergesFrancois YXU semfionetworks.com/blog
Zaib Kaleem @wlanbook IAD wlanbook.com
Ian Beyer @Ianbeyer MCI Blog.ianbeyer.com
Glenn Cate @grcate TPA gcatewifi.wordpress.com CWNE #181
Beef @wirednot SYR wirednot.wordpress.com I’m sorry, Senator- I don’t recall.
Shaun Bender @Welles MCI onwhereyoustop.com Tacos
Chris Reed @TheCMReed MHT TheCMReed.com Too fly for the Wi-Fi
Mark Edwards @marke3117 XNA Wifi for the win
Nick Martinez @networkengin33r DFW networkengin33r.wordpress.com
Matt Frederick @mattbfrederick OKC finesine.com
Brian Long @blong1 SNA blong1wifiblog.blogspot.com/
Stephen Montgomery @Steviewireless MEM
Mike Leibovitz @MikeLeibovitz YYZ
Timo @dot11_de SFO www.wifi-blog.com
John Deegan @Sn1ph3r EWR
Rich Hummel @accelhummel SAT
Jason Rinaldi @jasonmrinaldi1 SAT
Rick Dagon @rickywireless SAN rickywireless.com Currently Aruba So Cal SE (Previously Cisco LAN/WLAN SE for Presidio)
Charlie Clemmer @charlieclemmer DAL www.charlieclemmer.com
Joel Crane @Potato_Fi BOI potatofi.blogspot.com Mostly attending for the In-N-Out run.
Scott Lester @theitrebel MSY Stuck in a Stadium catwalk with AP
Chad Teal @chadteal ATL
Joshua Gochee @Jgochee BNA
Justin Cetko @Justinskyline SMF
Curtis Larsen @curtisklarsen SLC Work at UofU
Veli-Pekka Ketonen @VPonwireless CLE @7signal, the Wi-Fi performance company
Nathan Shirey @Know_Tech MHT
Dan Ryan @danryan06 MHT
Dennis Burrell @TGIWiFiGuy AUS
Martin Ericson @vofi_martin GOT
Miss Mae @Mae149 YQB Missmaeswifi.com That French Canadian chick, eh!
Bryce Floyd @bfloyd08 MSP it’s all ball bearings…..
Doug Mason @wifidoug SFO Wouldn’t miss it!
Robert Eubanks @eubanksrob IAH
Jonathan Finney @wifispy BNA
David Wilson @Daviddbwilson SFO Co-founder & CEO, Cape Networks
Jonathan Davis (JD) @subnetwork GSO subnetwork.me Y’all got any more of that…WiFi?
Jim comment @jimwifi1 DTW
Todd Hall @tmhall2 GTR
craig schnarrs @the_wifi_guy DTW
Jason D. Hintersteiner @EmperorWiFi JFK www.emperorwifi.com SMB Wi-Fi Expert
Brad Weldon @bradweldon PDX tacos are the best
Tom Carpenter @carpentertom CMH cwnp.com Warm weather, here I come!
Tim Rousset @TimRousset WAS
Vladan Jevremovic @v_jevremovic IAH www.ibwave.com
Dilip Advani @advani_dilip SFO CWNE#43; @ Netscout
Eric Garnel @wifistrong ABIA Does the hotel have a gym?
Chris Kelly @WiFiFrood ATL I need an ippy for my appy
Nigel Kemp @NigelKemp1 LHR Still learning
Aren @SrScalability MRY wifirabbithole.wordpress.com We’ll see.
Chris Harkins @capiowifi ATL wififorthedatabaseguy.wordpress.com/ Aerohive Knowldege Services
Mike Jordan @OFDMJ RNO
Brian Blume @AMABrian803 MKE
Tim Smith @timjsmith24 XNA
Kristin Kråkmo @KristinKraakmo
Frank Wikstrøm @frankwik
Ignacio Sánchez @NeseNueve MVD
Rick Murphy @RickMurphyWiTS Den Affiliations: IEEE SA, WiTS, WLAN-AB, WLAN Stress Testers, BICSI Wireless Standards Board
Peter Mackenzie @mackenziewifi pnmackenzie.tumblr.com
Jason Hill @wifirockstar DTW
Alex Burger @aaburger85 DIA
Michael Champanis @capenetworks CPT ‘); DROP TABLE attendees;–

FIN

Looking forward to Networking Field Day

There’s nothing quite like a Field Day event and I have the privilege of being invited to Networking Field Day on Nov 17th and 18th. At Field Day events, you have the opportunity to hear deep in the weeds technical content from several presenting companies. We can have conversations about how their technology really works and how it works in our environments. While it’s great to be there, they are also very useful to attend virtually through the live stream and Twitter. Twitter is great because you can send the delegates your questions and they can ask the presenters right then! If you can’t watch live, it’s all recorded and posted to YouTube for later perusal. Even if I attend an event, I often end up watching the YouTube videos to help make sure my blog posts are accurate.

This week is a unique one in that two Field Day events are taking place back to back! Tech Field Day 12 is running on the 15th and 16th, so there’s an opportunity to really take in a lot of content! Enough about Field Day in general, let’s look at what’s coming up at Networking Field Day, November 2016 edition!

apstra
Apstra is all about network automation. I’ve heard some high level talk about them, but haven’t looked into them before. Their website says they are intent-driven vendor-neutral data center network automation. I’ll be interested to hear if they are going to move beyond the data center. I like the concept of the intent-driven network, which is telling the network what you want to accomplish and letting it figure out how to configure it instead of you having to specify all the details. This kind of automation is good and should make networks more reliable, so I’m looking forward to learning more about their solution.

solarwinds
I’m a big fan of Solarwinds products. They usually work well and do 80-90% of what vendor and other big name management products do for a fraction of the price. Most of the time that’s still more features than you actually will use in a given deployment. Reasonably priced and easy to use, Solarwinds is my go-to for network management. It’s always great to hear what they’ve been up to and see what new features they have in store.

forward-networks
This is exciting! From their website: “Forward Networks is bringing the best ideas in Computer Science to networking. Our mission is to dramatically improve networking for companies of all sizes.” Doesn’t tell us much, but it sounds like they are working on ways to make network configurations testable and to detect misconfigurations. I’m certain that’s a gross oversimplification, but they are exiting stealth mode and telling everyone what they have up their sleeve at Networking Field Day! Be sure to catch this, it should be interesting. [Update] They exited stealth mode on Nov 14, so their website has more information now. Read about it here.

velocloud
Who doesn’t want a good SD-WAN solution? I think I first heard about VeloCloud on Packet Pushers episode 257. There’s an ever growing number of SD-WAN vendors and solutions out there and the claims are so similar, it’s hard to differentiate between them. It’ll be great to deep dive into this one!

ixia
Ixia has one of my favorite ad graphics:
mostly-watertight
I’m OK with Mostly Networks, but not so much with the mostly watertight. :) Ixia makes a number of tools for network testing, security, and visibility. I’m not sure what they’ll be talking about; perhaps a bit of everything. I’m familiar with Ixia by name and am aware mostly of their very well regarded network testing equipment, however I really don’t know much more about them or their products. I’m eager to learn more about them.

viptela
More SD-WAN! I’m eager to see their presentation and I’m pretty sure Packet Pushers episode 223 introduced me to Viptela, as well. SD-WAN is the future of WAN connections, so the more you know about the solutions available the better. Knowing is half the battle!

nec-networking
I presume NEC will be talking about SDN and OpenFlow. I’ll be honest, this isn’t an area I’ve been paying much of attention to. OpenFlow just hasn’t really been on my radar for a while. Time to up my game, get reacquainted with OpenFlow, and find out what NEC is doing with it. I’m sure this one will be educational.

There’s your quick overview of the presenters for Networking Field Day 13. Be sure to tune in live on November 17th and 18th for Networking Field Day and on the 15th and 16th if virtualization, containers, and the like are up your alley. All the live streams will be playing at http://techfieldday.com/. Participate by watching the stream and submitting your questions via Twitter using the hashtag #NFD13. You can ask your questions ahead of time, too, especially if you can’t watch live. The delegates will try to make sure your question is asked. It’s going to be a great week for Field Day content!

FIN

Fixing macOS Sierra/OpenSSH 7.x Compatibility

I’ve seen this question come up several times from users of macOS Sierra who use SSH after upgrading. It usually goes something like, “Has anyone seen this since upgrading to Sierra?”

Unable to negotiate with 192.0.2.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Another issue you might come across is your public key ceasing to work. If you connect with the verbose option (ssh -v hostname), you might catch a bit like this in the output:

Skipping ssh-dss key /Users/scottm/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes

These aren’t Sierra issues per se; they are more specifically related to the upgrade from OpenSSH 6.9 in El Capitan to OpenSSH 7.2 in Sierra. OpenSSH deprecated a number of methods and algorithms in 7.0. They are still supported, but are disabled by default. For more information, check out OpenSSH: Legacy Options.

That’s all fine and dandy, but what you really want is a solution. You probably have some security appliance, router, or similar that doesn’t support any other methods and you just need it to work. Perhaps like me, you have an older private key that isn’t up to the new requirements, but you still need to use it. The options to fix these issues are KexAlgorithms +diffie-hellman-group1-sha1 and PubkeyAcceptedKeyTypes=+ssh-dss. You can add these at the command line (ssh -o PubkeyAcceptedKeyTypes=+ssh-dss hostname), but that’s kind of a pain.

A more convenient way to use them is to add these options to your ~/.ssh/config file. If you don’t already have this config file, it’s a plain text file you can create with your text editor of choice. At the top of the file, add:

# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Now your public key and the key exchange algorithm will work anywhere you connect, which also means the deprecated algorithms are enabled for every host, not just the legacy device. Perhaps you’d like a bit more granularity?

# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss

# Host specific settings
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 User username

This allows the public key for all hosts, but only allows the diffie-hellman-group1-sha1 algorithm to be used with hosts matching the wildcard. Additionally, this example shows using a different username than your login on your local machine. There are a lot of options available, but these are the ones I use most. You might also find Compression yes to be useful if you connect to hosts with low bandwidth links.
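To check how widely a config re-enables these deprecated algorithms, here is an added example (not from the original post): a small Python audit that parses ssh_config text and reports each place diffie-hellman-group1-sha1 or ssh-dss is turned back on, marking entries that apply to every host. The first two sample configs are the ones shown in this post; the third is constructed and scopes both options to the post's *.net.mydomain.net wildcard, with the IdentityFile path assumed.

```python
"""Flag legacy SSH algorithms that an ssh_config re-enables, and at what scope."""
import re

# Algorithms this post re-enables, keyed by the lowercase ssh_config keyword
# that controls them. PubkeyAcceptedAlgorithms is the name newer OpenSSH
# releases use for PubkeyAcceptedKeyTypes.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
    "pubkeyacceptedkeytypes": {"ssh-dss"},
    "pubkeyacceptedalgorithms": {"ssh-dss"},
}

# ssh_config accepts both "Keyword value" and "Keyword=value".
DIRECTIVE = re.compile(r"([A-Za-z0-9]+)\s*=?\s*(.*)")


def audit(config_text):
    """Return one dict per legacy algorithm enabled: line, keyword, algorithm, scope, hosts."""
    findings = []
    hosts = None  # None: still above the first Host/Match line, so applies to all hosts
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "host":
            hosts = value.split()
            continue
        if keyword == "match":
            hosts = ["*"] if value.lower() == "all" else ["Match " + value]
            continue
        if keyword not in LEGACY:
            continue
        if value.startswith("-"):
            continue  # a leading '-' removes algorithms from the defaults
        # '+' appends and '^' prepends to the defaults; no prefix replaces them.
        enabled = {a.strip() for a in value.lstrip("+^").split(",")}
        is_global = hosts is None or "*" in hosts
        for algorithm in sorted(enabled & LEGACY[keyword]):
            findings.append({
                "line": lineno,
                "keyword": m.group(1),
                "algorithm": algorithm,
                "scope": "global" if is_global else "scoped",
                "hosts": " ".join(hosts) if hosts else "(all hosts)",
            })
    return findings


def global_findings(config_text):
    """Only the findings that apply to every host the client connects to."""
    return [f for f in audit(config_text) if f["scope"] == "global"]


# The post's first config: both options enabled for all hosts.
PAGE_GLOBAL = """\
# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
"""

# The post's second config: ssh-dss still global, key exchange scoped.
PAGE_GRANULAR = """\
# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss

# Host specific settings
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 User username
"""

# Constructed: both options limited to the legacy hosts (IdentityFile path assumed).
SCOPED = """\
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 PubkeyAcceptedKeyTypes +ssh-dss
 IdentityFile ~/.ssh/id_dsa
 User username
"""

if __name__ == "__main__":
    for name, text in (("global", PAGE_GLOBAL), ("granular", PAGE_GRANULAR), ("scoped", SCOPED)):
        print(name)
        for f in audit(text):
            print("  line {line}: {keyword} enables {algorithm} ({scope}: {hosts})".format(**f))
```

To audit a real file, pass its contents to audit(), for example the text of ~/.ssh/config.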

As an aside, if you are a macOS user using Terminal, I highly recommend checking out iTerm2. It’s far superior to Terminal and has many features to improve the experience of using the shell.

FIN