Rob*_*son 12 aptana ssh debian aptana3
我目前正在使用Aptana Studio 3.6.1(带有一些PHP语法修复的自定义构建).我使用SFTP将文件从我的项目上传到测试站点,使用发布工具(项目顶部的上传/下载箭头).
最近,我变得无法上传文件.WinSCP能够做到这一点很好,我可以在使用PuTTY或普通的旧OpenSSH时顺利进入服务器.然而,Aptana引人注目:
Failed to upload file
Establishing SFTP connection failed: No suitable key exchange algorithm could be agreed.
No suitable key exchange algorithm could be agreed.
auth.log中的相应错误(使用LogLevel DEBUG1):
Oct 26 14:42:42 dedi sshd[13690]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 26 14:42:42 dedi sshd[13690]: debug1: inetd sockets after dupping: 3, 3
Oct 26 14:42:42 dedi sshd[13690]: Connection from [My IP] port 24321 on [Server IP] port 22
Oct 26 14:42:42 dedi sshd[13690]: debug1: Client protocol version 2.0; client software version edtFTPjPRO-4.1.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: no match: edtFTPjPRO-4.1.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: Enabling compatibility mode for protocol 2.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-2
Oct 26 14:42:42 dedi sshd[13690]: debug1: permanently_set_uid: 102/65534 [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: SSH2_MSG_KEXINIT received [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
Oct 26 14:42:42 dedi sshd[13690]: fatal: Unable to negotiate a key exchange method [preauth]
我应该注意到,我已经使用sshd_config进行了修复以修复先前的错误,其中Aptana使用的某些密码套件未在服务器上设置.我怀疑这个问题与密钥交换密码套件有关,但我不确定如何调试该问题以确定要添加的套件.
$ uname -a && lsb_release -a
Linux dedi 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux testing (jessie)
Release: testing
Codename: jessie
小智 13
请使用DEBUG3级别.然后,您将看到服务器上配置的密钥交换算法列表以及客户端支持的列表.
然后将以下行添加到/ etc/ssh/sshd_config:
KexAlgorithms <here comma-separated list of Kex Algorithms configured on your server>,<here one of the Kex Algorithms supported by your client>
例如,OpenSSH 6.7默认激活以下算法:curve25519-sha256 @ libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,的Diffie-Hellman-group14-SHA1.
如果客户端仅支持diffie-hellman-group1-sha1,则/ etc/ssh/sshd_config应包含
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1.
没关系 - OpenSSH v.6.7也支持diffie-hellman-group1-sha1,但默认情况下它是关闭的.您应该允许sshd通过将KexAlgorithms行放入sshd配置来使用此密钥交换算法.
小智 9
在远程服务器上编辑sshd_config:
nano/etc/ssh/sshd_config
添加以下行:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
KexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
#/etc/init.d/ssh restart
对于Debian 8来说,jessie /etc/ssh/sshd_config为我解决了这个问题
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
摘自此评论 https://github.com/rundeck/rundeck/issues/1147#issuecomment-85083240