使用ssh 登陆后,提示如下错误:
$ ssh -i ./z_key_2010 -p 26 -v z@119.xx.xx.151
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/zyh/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 119.xx.xx.151 [119.xx.xx.151] port 26.
debug1: Connection established.
debug1: identity file ./z_key_2010 type -1
debug1: identity file ./z_key_2010-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 119.xx.xx.151:26 as 'zyh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:iejlGNnK3SkrDLu+OU1Z4U3tA3Q87yLU
debug1: Host '[119.xx.xx.151]:26' is known and matches the ECDSA host key.
debug1: Found key in /Users/z/.ssh/known_hosts:11
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-dss key ./z_key_2010 - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ./z_key_2010
Enter passphrase for key './z_key_2010':
sign_and_send_pubkey: no mutual signature supported
debug1: No more authentication methods to try.
z@119.xx.xx.151: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).主要错误为:sign_and_send_pubkey: no mutual signature supported
原因:
MacOS升级10.14.1 后,SSH版本OpenSSH_7.9p1,不再支持dsa算法。使用iterm2远程免密登录跳板机(堡垒机)失败。 提示不支持相互签名。
解决方法:
新的OpenSSH版本(7.0+)不推荐使用DSA密钥,默认情况下不使用DSA密钥(不在服务器或客户端上)。这些密钥不再被使用,因此如果可以,我建议尽可能使用RSA密钥。
如果确实需要使用DSA密钥,则需要在客户端配置中使用
PubKeyAcceptedKeyTypes+ssh-dss
应该将该行放入~/.ssh/config中
$ cat .ssh/config
Host *
PubkeyAcceptedKeyTypes=+ssh-dss然后修改config的权限为600
chmode 600 ~/.ssh/config再次登陆,已经成功了:
$ ssh -i .keys/2010/z_key_2010 -p 26 zyh@119.xx.xx.151
Last login: Thu Apr 18 09:14:45 2019 from 58.xx.xx.12
参考:
https://www.sunjs.com/article/detail/4e7d634c87d440d5913bb12b859b9505.html
1752
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
