Am 2 cutii linux
unul este CentOS 6
unul este Fedora 35
Openssh-ul CentOS 6 este prea vechi și serverul Fedora 35 sshd respinge conexiunea.
Vreau să adaug înapoi vechiul HostKeyAlgorithms Ciphers KexAlgorithms la sshd_config Fedora 35
lucrul pe care l-am adăugat este următorul
# Adăugați asistență pentru clienți vechi
Cifre +aes128-cbc
MAC-uri +hmac-sha1
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
este disponibil pe ambele părți
Cifre ssh -Q
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
[email protected]
[email protected]
[email protected]
[hans@fedora ssh]$ ssh -Q MAC-uri
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[hans@fedora ssh]$ ssh -Q HostKeyAlgorithms
ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[hans@fedora ssh]$
[hans@fedora ssh]$ ssh -Q KexAlgorithms
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-grup-schimb-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curba25519-sha256
[email protected]
[email protected]
după repornire/repornire sshd
sudo sshd -T | grep -i HostKeyAlgorithms
hostkeyalgorithms ecdsa-sha2-nistp256,[email protected],[email protected],sk-ecdsa-sha2-nistp256-cert-v01, ecdsa-v01 -sha2-nistp384,[email protected],ecdsa-sha2-nistp521,[email protected],ssh-ed25519,ssh-ed255v1 @openssh.com,[email protected],[email protected],rsa-sha2-256,[email protected],rsa -sha2-512,[email protected]
sudo sshd -T | grep -i kexalgoritmi
gssapikexalgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
kexalgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256-helmandiffie14-helmani2 -hellman-group16-sha512,diffie-hellman-group18-sha512
sudo sshd -T | grep -i cipher
cifruri [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
pe CentOS6
încă îmi dă această eroare, așa cum fișierul de configurare nu s-a schimbat niciodată.
ssh -vv 192.168.1.6
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 februarie 2013
debug1: Citirea datelor de configurare /etc/ssh/ssh_config
debug1: se aplică opțiuni pentru *
debug2: ssh_connect: needpriv 0
debug1: se conectează la 192.168.1.6 [192.168.1.6] portul 22.
debug1: Conexiune stabilită.
debug1: fișier de identitate /home/hans/.ssh/identity type -1
debug1: fișier de identitate /home/hans/.ssh/identity-cert tip -1
debug1: fișier de identitate /home/hans/.ssh/id_rsa tip -1
debug1: fișier de identitate /home/hans/.ssh/id_rsa-cert tip -1
debug1: fișier de identitate /home/hans/.ssh/id_dsa tip -1
debug1: fișier de identitate /home/hans/.ssh/id_dsa-cert tip -1
debug1: fișier de identitate /home/hans/.ssh/id_ecdsa tip -1
debug1: fișier de identitate /home/hans/.ssh/id_ecdsa-cert tip -1
debug1: versiunea 2.0 a protocolului la distanță, versiunea software la distanță OpenSSH_8.7
debug1: potrivire: OpenSSH_8.7 pat OpenSSH*
debug1: Activarea modului de compatibilitate pentru protocolul 2.0
debug1: șir de versiune locală SSH-2.0-OpenSSH_5.3
debug2: fd 3 setarea O_NONBLOCK
depanare1: SSH2_MSG_KEXINIT trimis
depanare1: SSH2_MSG_KEXINIT primit
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected], [email protected], [email protected], ssh-dss-cert-v00@openssh. com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbclicrijndalyscliu.
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbclicrijndalyscliu.
debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: rezervat 0
debug2: kex_parse_kexinit: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellffman-group4-hellchange sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512
debug2: kex_parse_kexinit: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],hmac- sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],hmac- sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: rezervat 0
debug2: mac_setup: găsit hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 niciunul
debug2: mac_setup: găsit hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 niciunul
fără hostkey alg
