写在前面
环境信息:
ganymed-ssh2-build210.jar
目标服务器openssh版本:
openssh 8.2p1
官方网站:
http://www.ganymed.ethz.ch/ssh2/
/etc/ssh/sshd_config 帮助手册(来自openBSD)
When an SSH client connects to a server, each side offers lists of connection parameters to the other. These are, with the corresponding ssh_config keyword:
- KexAlgorithms: the key exchange methods that are used to generate per-connection keys
- HostkeyAlgorithms: the public key algorithms accepted for an SSH server to authenticate itself to an - SSH client
- Ciphers: the ciphers to encrypt the connection
- MACs: the message authentication codes used to detect traffic modification
一、ganymed-ssh2支持的算法如下:
MACs
BlickCipherFactory
KexAlgrithms
二、openssh 8.2p1 /etc/ssh/sshd_config配置信息如下:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
MACs hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
上述配置信息中:
MACs中未包含Ganymed-ssh2.jar所实现的算法,因此需要在配置中补充声明相关算法。
MACs hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com
当发现使用Ganymed-ssh2.jar连接服务出现校验错误时,检查sshd配置,增加相关算法的声明即可。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
