Lubuntu 18.04 cannot SSH to a Cisco router: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

I am not sure whether this problem is caused by the Lubuntu side or the Cisco router side.

Lubuntu = 192.168.1.100
Cisco Router = 192.168.1.1

SSH from Lubuntu to the Cisco router

user@linux:~$ ssh -V
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
user@linux:~$

user@linux:~$ ssh [email protected]
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
user@linux:~$ 

This is the Cisco router side

R1#
*Mar  1 01:41:19.631: SSH2 0: no matching cipher found: client [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],
R1#

SSH verbose output

user@linux:~$ ssh 192.168.1.1 -l admin -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug1: Authenticating to 192.168.1.1:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
user@linux:~$ 

More Cisco logs

R1(config)#ip ssh logging events
R1(config)#
R1(config)#
*Mar  1 01:56:21.723: SSH2 0: no matching cipher found: client [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],
R1(config)#
*Mar  1 01:56:21.723: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.1.100 (tty = 0) using crypto cipher '', hmac '' Failed
*Mar  1 01:56:21.723: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.1.100 (tty = 0) for user '' using crypto cipher '', hmac '' closed
R1(config)#

What is the problem here, and how do I fix it?

Update 1

I tried these as suggested here, but it did not solve the problem.

user@linux:~$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
user@linux:~$ 

user@linux:~$ ssh -oHostKeyAlgorithms=+ssh-dss 192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
user@linux:~$ 

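Answer 1

The problem is on the Cisco router. Ubuntu's ssh client proposes a default set of modern, secure ciphers, while the router proposes another set (using legacy algorithms), and the two have nothing in common.

You can force ssh to add the weak legacy algorithm to its proposal list:

From the command line: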

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.1

or by adding the option to ~/.ssh/config

Host 192.168.1.1
  KexAlgorithms +diffie-hellman-group1-sha1

as explained here (where you will also find other solutions). This may not be enough, though; you may also have to enable ssh-dss:

ssh -oHostKeyAlgorithms=+ssh-dss 192.168.1.1

or by adding the option to ~/.ssh/config

Host 192.168.1.1
  HostKeyAlgorithms +ssh-dss

Answer 2

Try this; you did not specify the cipher to use

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes128-cbc -l username 192.168.1.1
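An added example, not part of either answer above: as Update 1 in the question shows, each failed attempt reports only one mismatch, so the legacy options have to be collected over several tries. The sketch below turns those error lines into a ~/.ssh/config block scoped to the one device, so the weak algorithms are not enabled for any other host. The function names `keyword_for` and `legacy_host_block` are hypothetical, and picking the first algorithm in each offer is an assumption.

```shell
#!/bin/sh
# Build a per-host ssh_config block from "Unable to negotiate" errors.

# Map the noun in "no matching <noun> found" to its ssh_config keyword.
keyword_for() {
    case "$1" in
        "key exchange method") echo "KexAlgorithms" ;;
        "cipher")              echo "Ciphers" ;;
        "host key type")       echo "HostKeyAlgorithms" ;;
        "MAC")                 echo "MACs" ;;
        *)                     return 1 ;;
    esac
}

# Usage: legacy_host_block HOST < file-with-ssh-error-lines
legacy_host_block() {
    host=$1
    seen=""
    printf 'Host %s\n' "$host"
    while IFS= read -r line; do
        # Only negotiation failures reported for this exact host are used.
        case "$line" in
            "Unable to negotiate with $host port "*": no matching "*" found. Their offer: "*) ;;
            *) continue ;;
        esac
        what=${line#*": no matching "}
        what=${what%%" found. Their offer: "*}
        offer=${line##*"Their offer: "}
        kw=$(keyword_for "$what") || continue
        # Emit each keyword once, even if the same error was logged twice.
        case " $seen " in *" $kw "*) continue ;; esac
        seen="$seen $kw"
        # Assumption: the first offered algorithm is one the client still
        # supports; "+" appends it to the defaults instead of replacing them.
        printf '  %s +%s\n' "$kw" "${offer%%,*}"
    done
}

# The two error lines from the question, in the order they appeared.
legacy_host_block 192.168.1.1 <<'EOF'
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
EOF
```

Review the printed block before adding it to ~/.ssh/config, and remove it once the router can offer current algorithms.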
