为什么 ssh 实用程序被视为 pty？

Question

clarkk

Asked: 2019-08-07 05:17:45 +0800 CST2019-08-07 05:17:45 +0800 CST 2019-08-07 05:17:45 +0800 CST

SFTP 传统密钥交换方法

772

升级到后Debian 10 (Buster)我无法再连接到 SFTP 服务器

找不到匹配的密钥交换方法。他们的报价：diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 连接已关闭

sftp -b - -o StrictHostKeyChecking=no -i private.key -P 10022 user@host

sftp -vv ...返回

OpenSSH_7.9p1 Debian-10, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "host" port 10022
debug2: ssh_connect_direct
debug1: Connecting to host [92.60.159.16] port 10022.
debug1: Connection established.
debug1: identity file /var/www/bs_id_rsa type -1
debug1: identity file /var/www/bs_id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10
debug1: Remote protocol version 2.0, remote software version IBM Sterling Connect:Enterprise for UNIX2.5.00
debug1: no match: IBM Sterling Connect:Enterprise for UNIX2.5.00
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to host:10022 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: (no match)
Unable to negotiate with xx.xx.xx.xx port 10022: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Connection closed.
Connection closed

钥匙ssh -Q kex

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]

使用 Kex 算法：

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -i private.key -p 10022 user@host
Unable to negotiate with 92.60.159.16 port 10022: no matching host key type found. Their offer: ssh-dss

使用 HostKeyAlgorithms：

ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 -i private.key -p 10022 user@host
Unable to negotiate with 92.60.159.16 port 10022: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

SSH 工作

ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=aes256-cbc -i private.key -p 10022 user@host

1 个回答

Voted

Ned64 · Answer 1 · 2019-08-07T08:03:01+08:00

Best Answer

Ned64

2019-08-07T08:03:01+08:002019-08-07T08:03:01+08:00

将特定于主机的参数添加到您的~/.ssh/config文件（如果尚不存在则从空文件开始），如下所示：

Host host.somewhere.dk
  Hostname host.somewhere.dk
  KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
  IdentityFile ~/.ssh/private.key
  Ciphers aes256-cbc
  HostKeyAlgorithms ssh-dss
  Port 10022
  User user

或者，如果您不想使用配置文件，请将主机特定选项写入命令行：

ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 -oCiphers=aes256-cbc -i ~/ssh/private.key -p 10022 user@host

另请注意，在这两种情况下，高于 1024 的端口号都被认为对系统服务不安全，因为任何（非特权）用户都可以打开如此高的端口。最好使用较低的特权端口。

6

SFTP 传统密钥交换方法

模块 i915 可能缺少固件 /lib/firmware/i915/*

无法获取 jessie backports 存储库

如何将 GPG 私钥和公钥导出到文件

我们如何运行存储在变量中的命令？

如何配置 systemd-resolved 和 systemd-networkd 以使用本地 DNS 服务器来解析本地域和远程 DNS 服务器来解析远程域？

dist-upgrade 后 Kali Linux 中的 apt-get update 错误 [重复]

如何从 systemctl 服务日志中查看最新的 x 行

Nano - 跳转到文件末尾

grub 错误：你需要先加载内核

如何下载软件包而不是使用 apt-get 命令安装它？

SFTP 传统密钥交换方法

1 个回答

相关问题