新安装的Ubuntu20.04,SSH服务已安装,使用putty可以正常ssh远程登录进去,使用SecureCRT远程登录会报错如下:Key exchange failed. No compatible key exchange method. The server supports these methods: curve25519-sha256,
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
解决办法:
1)在/etc/ssh/sshd_config文件中添加
KexAlgorithms
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2)fedora 34 还需要注释掉 #Include /etc/ssh/sshd_config.d/*.conf
# cat /etc/crypto-policies/back-ends/opensshserver.config
Ciphers
aes256-gcm@openssh.com,
chacha20-poly1305@openssh.com,aes256-ctr,
aes128-gcm@openssh.com,aes128-ctr
MACs
hmac-sha2-256-etm@openssh.com,
hmac-sha1-etm@openssh.com,
umac-128-etm@openssh.com,
hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,
umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms curve25519-sha256,
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,
ecdsa-sha2-nistp256-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,
ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,
ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com,
sk-ssh-ed25519@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,
rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,
rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,
ecdsa-sha2-nistp256-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,
ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,
ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com,
sk-ssh-ed25519@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,
rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,
rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,
sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,
sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
重启sshd生效:
systemctl restart sshd
Ciphers
chacha20-poly1305@openssh.com,
aes256-gcm@openssh.com,
aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs
hmac-sha2-512-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,
umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,
umac-128@openssh.com
参考:
https://stribika.github.io/2015/01/04/secure-secure-shell.html
[
本帖最后由 linda 于 2021-7-19 19:35 编辑 ]