主页 / unix / 问题 / 736487
Accepted
Mévatlavé Kraspek
Asked: 2023-02-23 00:14:05 +0800 CST

在 Vagrant 中打开 Solaris11:无法与 127.0.0.1 端口 2222 协商:找不到匹配的主机密钥类型。他们提供:ssh-rsa,ssh-dss

  • 772

我使用这个 Vagrantfile:

Vagrant.configure("2") do |config|

  config.vm.box = "jonatasbaldin/solaris11"
  config.vm.box_version = "1.0.0"
  
end

成功vagrant up,但vagrant ssh退出时返回 255 代码,根本没有任何输出。要调试,我做

$ ssh -v vagrant@localhost -p 2222

我得到:

$ ssh -v vagrant@localhost -p 2222
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/mevatlave/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 267: Applying options for localhost
debug1: /etc/ssh/ssh_config line 288: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/mevatlave/.ssh/id_rsa type 0
debug1: identity file /home/mevatlave/.ssh/id_rsa-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519 type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519_sk type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_xmss type -1
debug1: identity file /home/mevatlave/.ssh/id_xmss-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_dsa type -1
debug1: identity file /home/mevatlave/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: compat_banner: no match: Sun_SSH_2.2
debug1: Authenticating to localhost:2222 as 'vagrant'
debug1: load_hostkeys: fopen /home/mevatlave/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 127.0.0.1 port 2222: no matching host key type found. Their offer: ssh-rsa,ssh-dss

尝试了很多来自网络搜索的解决方案,但没有成功。有什么提示吗?

在 virtualbox tty 上,我得到sshd[1234]: fatal: no hostkey alg

ssh

2 个回答

  1. Best Answer

    在 SSH 协议中,有不同类型的密钥,每种密钥允许一种或多种签名算法。服务器端使用的密钥类型是 RSA ( ssh-rsa) 和 DSA ( ssh-dss) 密钥。对于 RSA 密钥,存在三种签名:ssh-rsa(SHA-1)、rsa-sha2-256(SHA-256) 和rsa-sha2-512(SHA-512)。只有后两种类型的签名是安全的;较旧的ssh-rsa签名类型和所有使用 SHA-1 的签名ssh-dss,它已过时且不安全。(所用 DSA 密钥的大小也严重不足现代标准。)

    不幸的是,您使用的 VM 仅支持不安全的算法,因此没有安全的方式连接到它。最好的办法是为更安全的操作系统或更安全的操作系统配置使用不同的映像。

    如果您绝对必须使用此映像,则可以运行ssh -o HostKeyAlgorithms=+ssh-rsa -p 2222 vagrant@localhost以启用不安全ssh-rsa算法并进行连接。

    • 1

  2. 我在 bk2204 的帮助下做了什么:

    Vagrantfile

      config.ssh.config = "ssh_config"
  config.vm.provision "shell", inline: <<-SHELL
  cat /path/to/.ssh/id_rsa.pub >> /export/home/vagrant/.ssh/authorized_keys
SHELL

    ssh_config;

    User vagrant
HostKeyAlgorithms=+ssh-rsa
PubkeyAuthentication yes
IdentityFile /path/to/solaris/id_dsa

    但是用密钥对登录是不够的,即使我修改了sshd配置:

    PasswordAuthentication no
PubkeyAuthentication yes
    • 0

相关问题