昨天在虚拟机上安装了个CentOS7.4系统,装的是minimal类型。配置好ip后,就用远程连接工具去连接,结果就碰到了
文章标题中提到的错误。
先说一下我的环境吧,我用的mac电脑,系统是OS X EI Capitan 版本 10.11.6;远程连接工具是vSSH 1.7(注:看介绍
也是参考PuTTY软件开发的),sshd版本:OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017。
在用vSSH连接报错后,我尝试用mac自带的命令行ssh 去连接,但是没发现这样的问题。这样一对比,就会发现:
1.是我远程连接工具的问题 2.sshd版本或者配置的问题
然后查看错误日志:
journalctl --unit sshd --no-pager
发现:error: kex protocol error: type 30 seq 1 [preauth]
在网上查阅了一些解决办法后,发现 https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html 这个链接
里已经解释了这个问题。
The variant of Diffie-Hellman key exchange in which the server sends a different prime modulus every time (known in
SSH as 'group exchange') was revised by RFC 4419 to change the format of the SSH_MSG_KEX_DH_GEX_REQUEST
message, and also its message number. PuTTY didn't get round to supporting the revised message for quite a long time,
but as of 0.65 it will now do so.
(The OpenSSH server is removing support for these messages. It has backwards-compatibility code for old versions
of PuTTY, but assumes that 0.65 onwards will support the revised message. If for some reason the backwards-compatibility
arrangements don't work, the symptom is a message like error: Hm, kex protocol error: type 30 seq 1 [preauth] in the SSH
server log.)
最终在这个链接 https://my.oschina.net/longquan/blog/1612533 里找到了解决办法,亲测可用。
# Add this to /etc/ssh/sshd_config
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
# systemctl restart sshd
原因大概就是
use libssh2, and libssh2 only support diffie-hellman key exchange methods
而且升级libssh2也不能解决,应该是个bug。
3898
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
