Ami*_*mar 2 ssh solaris ssh-keys
无法通过ssh登录到服务器。因此使用rsh登录,并在尝试ssh主机本身时遇到错误:
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', server 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=='
我发现此登录 /var/svc/log/network-ssh:default.log
[ May 14 21:23:13 Rereading configuration. ]
[ May 14 21:23:13 Executing refresh method ("/lib/svc/method/sshd restart") ]
[ May 14 21:23:13 Method "refresh" exited with status 0 ]
[ May 14 21:30:25 Stopping because service disabled. ]
[ May 14 21:30:25 Executing stop method (:kill) ]
[ May 14 21:33:08 Enabled. ]
[ May 14 21:33:08 Executing start method ("/lib/svc/method/sshd start") ]
Could not load host key: /.ssh/id_dsa
Could not load host key: /.ssh/identity
Disabling protocol version 1. Could not load host key
[ May 14 21:33:08 Method "start" exited with status 0 ]
提前致谢。
看来服务器和客户端找不到通用的身份验证方法。
我刚刚在这里有了一个sun集群:它仅支持diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,但是我的Gentoo GNU / Linux ssh服务器似乎已经放弃了group1算法。
通过/etc/ssh/sshd_config在ssh服务器上进行更改以包含以下内容进行修复
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
但是,我担心有理由从默认值中删除group1算法。我不会在可公开访问的盒子上这样做。