今天用ssh 登录交换机的时候发现访问不了 一直报no matching key exchange method found
ccchw@ccchw-HP-Compaq-Elite-8300-CMT:~/.ssh$ ssh itte@10.163.111.16
Unable to negotiate with 10.163.111.16 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
错误分析:
这个错误消息是由SSH客户端引发的,表明SSH连接无法成功,因为远程SSH服务器提供的密钥交换方法与SSH客户端支持的方法不匹配。错误消息中提到的密钥交换方法是 "diffie-hellman-group1-sha",这是一个较旧且不安全的密钥交换方法,通常不建议使用。
尝试以下几种方法之一:
升级SSH客户端:首先确保您的SSH客户端是最新版本,因为新版本通常会支持更多的加密算法。您可以从SSH客户端的官方网站或存储库下载并安装最新版本。
更新SSH服务器配置:(最常用方法)如果您控制SSH服务器,可以尝试更新SSH服务器的配置,以支持SSH客户端支持的加密算法。在SSH服务器的配置文件中(例如
sshd_config
),可以使用以下选项来限制支持的加密算法将其中的算法列表替换为您认为适当且安全的算法列表。与管理员联系:如果您不控制SSH服务器,或者无法更新配置文件,那么可能需要联系SSH服务器的管理员,询问他们是否可以更新服务器以支持更多的加密算法
我使用的解决办法:更新SSH服务器配置
再~.ssh/ 创建 config 文件 添加密钥交换方法 ,
注意:要根据客户端的提示来逐一添加密钥交换方法
解决 diffie-hellman-group1-sha1
Host 10.163.111.16
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
当解决完diffie-hellman-group1-sha1可能出现ssh-dss 密钥交换方式的错误:
ccchw@ccchw-HP-Compaq-Elite-8300-CMT:~/.ssh$ ssh itte@10.163.111.16
Unable to negotiate with 10.163.111.16port 22: no matching host key type found. Their offer: ssh-dss
解决ssh-dss 的问题
Host 10.163.111.16
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
HostKeyAlgorithms ssh-dss
当解决完ssh-dss可能出现ciphe 密钥交换方式的错误
ssh itte@10.163.111.16
Unable to negotiate with 10.163.111.16 port 22: no matching cipher found. Their offer: aes256-cbc,aes192-cbc,aes128-cbc,twofish256-cbc,twofish-cbc,twofish192-cbc,twofish128-cbc,blowfish-cbc,3des-cbc
这是我最终的config
Host 10.163.111.16
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
HostKeyAlgorithms ssh-dss
Ciphers aes256-cbc,aes192-cbc,aes128-cbc
正常访问交换机:
ccchw@ccchw-HP-Compaq-Elite-8300-CMT:~$ ssh itte@10.163.111.16
Keyboard-interactive authentication
Enter password for itte:
ExtremeXOS
Copyright (C) 1996-2012 Extreme Networks. All rights reserved.
Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135; 7,448,045; 7,447,777; 7,453,874; 7,463,628; 7,483,370; 7,499,679; 7,502,374; 7,539,750; 7,522,516; 7,546,480; 7,552,275; 7,554,978; 7,558,273; 7,568,107; 7,577,996; 7,581,024; 7,580,409; 7,580,350; 7,584,262; 7,599,292; 7,602,721; 7,606,249; 7,606,240; 7,606,263; 7,613,209; 7,619,971; 7,646,773; 7,646,770; 7,649,879; 7,657,619; 7,657,635; 7,660,259; 7,660,894; 7,668,969; 7,672,228; 7,675,915; 7,689,678; 7,693,158; 7,710,993; 7,719,968; 7,724,734; 7,724,669; 7,733,899; 7,752,338; 7,773,507; 7,783,733; 7,792,058; 7,813,348; 7,814,204; 7,817,549; 7,817,633; 7,822,038; 7,822,032; 7,821,931; 7,823,199; 7,822,033; 7,835,348; 7,843,927; 7,856,019; 7,860,006; 7,889,750; 7,889,658; 7,894,451; 7,903,666; 7,908,431; 7,912,091; 7,936,764; 7,936,687; 7,944,942; 7,983,192; 7,990,850; 8,000,344; 8,055,800; 8,059,658.
==============================================================================
Press the <tab> or '?' key at any time for completions.
Remember to save your configuration changes.
AS-105.1 #
如果上述方法解决不了问题及时联系管理员