发新话题
打印

SecureCRT登录高版本SSH报错Key exchange failed

SecureCRT登录高版本SSH报错Key exchange failed

报错信息:
Key exchange failed.
No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
原因:
当前操作系统安装的openssh版本较新,默认屏蔽了不安全的密钥交换算法
解决方案:
编辑/etc/ssh/sshd_config配置文件,添加如下内容
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
保存后重启sshd服务 systemctl restart sshd 或 service sshd restart 或 kill -9 xxx; /usr/sbin/sshd


查看sshd Key exchange配置:
# sshd -T
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
casignaturealgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256

# ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

参考:
https://stackoverflow.com/questions/48643291/change-kexalgorithms-on-openssh
https://stackoverflow.com/questions/32686530/whats-openssh-default-kexalgorithms
————————————————

原文链接:https://blog.csdn.net/carefree2005/article/details/112981217

[ 本帖最后由 linda 于 2021-3-8 11:44 编辑 ]

[ 本帖最后由 linda 于 2021-3-8 11:50 编辑 ]

TOP

发新话题