供应商决定开始使用 libssh 作为设备的 ssh 服务器。
虽然 openssh 和 putty 可以毫无问题地连接到此设备,但 ssh-keyscan 不会返回任何密钥。
知道为什么吗?
centos openssh 的输出:
$ ssh -v -F /dev/null 192.168.x.y
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /dev/null
debug1: Connecting to 192.168.x.y [192.168.x.y] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
-snip-
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version libssh_0.7.7
debug1: no match: libssh_0.7.7
debug1: Authenticating to 192.168.x.y:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp521
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp521 SHA256:fingerprintfingerprintfingerprintfingerprin
The authenticity of host '192.168.x.y (192.168.x.y)' can't be established.
ECDSA key fingerprint is SHA256:fingerprintfingerprintfingerprintfingerprin.
ECDSA key fingerprint is MD5:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
centos ssh-keyscan 的输出:
$ ssh-keyscan -v 192.168.x.y
debug1: no match: libssh_0.7.7
# 192.168.x.y:22 SSH-2.0-libssh_0.7.7
debug1: Enabling compatibility mode for protocol 2.0
debug1: SSH2_MSG_KEXINIT sent
debug1: no match: libssh_0.7.7
# 192.168.x.y:22 SSH-2.0-libssh_0.7.7
debug1: SSH2_MSG_KEXINIT sent
debug1: no match: libssh_0.7.7
# 192.168.x.y:22 SSH-2.0-libssh_0.7.7
debug1: SSH2_MSG_KEXINIT sent
telnet 连接测试的输出:
$ telnet 192.168.x.y 22
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-libssh_0.7.7
^C
Connection closed by foreign host.
我很惊讶有人会像这样使用 libssh,但显然他们认为这是一个好主意。
PS:我想知道 libssh 服务器是否正确实现,因为 OpenSSH_for_Windows_7.7p1 无法连接到此设备,并抱怨服务器意外关闭了连接。