升级到后Debian 10 (Buster)
我无法再连接到 SFTP 服务器
找不到匹配的密钥交换方法。他们的报价:diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 连接已关闭
sftp -b - -o StrictHostKeyChecking=no -i private.key -P 10022 user@host
sftp -vv ...
返回
OpenSSH_7.9p1 Debian-10, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "host" port 10022
debug2: ssh_connect_direct
debug1: Connecting to host [92.60.159.16] port 10022.
debug1: Connection established.
debug1: identity file /var/www/bs_id_rsa type -1
debug1: identity file /var/www/bs_id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10
debug1: Remote protocol version 2.0, remote software version IBM Sterling Connect:Enterprise for UNIX2.5.00
debug1: no match: IBM Sterling Connect:Enterprise for UNIX2.5.00
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to host:10022 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: (no match)
Unable to negotiate with xx.xx.xx.xx port 10022: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Connection closed.
Connection closed
钥匙ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]
使用 Kex 算法:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -i private.key -p 10022 user@host
Unable to negotiate with 92.60.159.16 port 10022: no matching host key type found. Their offer: ssh-dss
使用 HostKeyAlgorithms:
ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 -i private.key -p 10022 user@host
Unable to negotiate with 92.60.159.16 port 10022: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
SSH 工作
ssh -oHostKeyAlgorithms=ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=aes256-cbc -i private.key -p 10022 user@host
将特定于主机的参数添加到您的
~/.ssh/config
文件(如果尚不存在则从空文件开始),如下所示:或者,如果您不想使用配置文件,请将主机特定选项写入命令行:
另请注意,在这两种情况下,高于 1024 的端口号都被认为对系统服务不安全,因为任何(非特权)用户都可以打开如此高的端口。最好使用较低的特权端口。