OpenSSH v8 客户端与 OpenSSH v6.7p1 服务器通信：由于禁用 ssh-rsa 而导致“没有相互签名算法”？但原因何在？如何解决？

我的服务器最近停止提供基于公钥的身份验证。我尝试使用我的 RSA 公钥登录，但只得到：

$ ssh -v <server>
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 33: Applying options for <server>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <server> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <server>:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tKraF30I02/eujsuOeMD9Aihjxp/9CXl/lu3c3vGcGs
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[<server>]:22' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:31
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
user@<server>'s password:

关键部分似乎是倒数第三行：

debug1: send_pubkey_test: no mutual signature algorithm

起初我以为这一定与 ssh-rsa 已经已弃用最后默认禁用。然而，事实证明该服务器相当老旧，运行的是 OpenSSH 6.7p1。

也许是因为这个原因，服务器没有告诉我它支持哪些算法——现代 OpenSSH 版本似乎发送了一个SSH2_MSG_EXT_INFO和kex_input_ext_info: server-sig-algs=…。

因此我查看了服务器，/etc/ssh/sshd_config但它看起来很好并且没有提到任何与以下内容相关的内容PubkeyAcceptedKeyTypes（=PubkeyAcceptedAlgorithms在较新版本的 OpenSSH 中）：

…
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
…

我也尝试使用ssh -Q (sig|PubkeyAcceptedKeyTypes) <server>来查询支持的签名算法，但与手册页建议的相反（ssh … [-Q query_option] … destination），似乎这查询客户（？），不是服务器，因为我尝试过的每个服务器都是一样的。

然后我想：等等，但是如果服务器最近没有更新，那么它一定是我的客户端！

确实ssh -o "PubkeyAcceptedAlgorithms=+ssh-rsa" -v <server>有效！

$ ssh -o "PubkeyAcceptedAlgorithms=ssh-rsa" -v <server>
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 33: Applying options for <server>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <server> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <server>:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tKraF30I02/eujsuOeMD9Aihjxp/9CXl/lu3c3vGcGs
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[<server>]:22' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:31
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
Enter passphrase for key '/home/user/.ssh/id_rsa':

这怎么可能？即使我的 OpenSSH 客户端（v8.9，见上文）已弃用/禁用 ssh-rsa 和 SHA1[0]：如我们所见，服务器和客户端都同意使用 SHA256 – 这应该完全没问题吧？！

此外，ssh -Q PubkeyAcceptedAlgorithms列出 ssh-rsa：

$ ssh -Q PubkeyAcceptedAlgorithms
ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

我还无法PubkeyAcceptedAlgorithms=-ssh-rsa在我的计算机上的任何地方找到禁用 ssh-rsa 的行（例如），无论是在~/.ssh/config还是/etc/ssh任何其他地方。

结论：这对我来说真是一个谜。为什么 ssh-rsa 不再工作了？（我应该提一下，ssh-ed25519 公钥工作得很好。）

现在我只是PubkeyAcceptedAlgorithms=+ssh-rsa在本地进行配置~/.ssh/config，但这感觉像是一个我尚未理解的问题的肮脏的解决方法。

--

相关文章其他人有完全相同的问题：服务器运行 OpenSSH v6.7p1，客户端是某些 OpenSSH 版本 > 8，并且 ssh-rsa 身份验证失败：

突然我的ssh需要输入密码--debug1:send_pubkey_test:没有相互签名算法

https://serverfault.com/questions/1064247/ssh-permission-denied-publickey