发新话题
打印

OpenSSH升级后密钥对登录失败的解决办法

OpenSSH升级后密钥对登录失败的解决办法

ubuntu 22,openssh server 升级了
putty登录,提示错误:server refused our key
/var/log/auth.log: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

解决办法:
vi /etc/ssh/sshd_config,加入

PubkeyAuthentication yes
PubkeyAcceptedAlgorithms +ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
HostKeyAlgorithms=+ssh-rsa,ssh-dss

再 systemctl restart sshd
就可以用putty登录


puttygen.exe
"file>Load Private key",选择 2023.ppk,再“save public key”保存为2023.pub,再“Conversions>Export OpenSSH key”保存为2023.pem
secureCRT,2023.pem 为 “SSH2 > Authentication > PublicKey > Properties > Use identity or certificate file”
就可以用secureCRT登录


The ssh-rsa signature scheme uses SHA-1 and it's sensible to chosen-prefix attacks.
If you can't upgrade the server, you can create new keys using ed25519, or ecdsa.
ssh-keygen -t ecdsa -a 64 -b 384
或者 用 puttygen.exe 最下方 不选择 RSA 而是选择 ECDSA
参考:https://dev.to/cloudx/why-openssh-8-8-cannot-find-a-host-key-type-if-ssh-rsa-is-provided-49i

[ 本帖最后由 linda 于 2022-12-23 17:41 编辑 ]

TOP

发新话题