我使用这个 Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.box = "jonatasbaldin/solaris11"
config.vm.box_version = "1.0.0"
end
成功vagrant up,但vagrant ssh退出并返回 255 返回代码,根本没有输出。为了调试,我这样做
$ ssh -v vagrant@localhost -p 2222
我得到:
$ ssh -v vagrant@localhost -p 2222
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/mevatlave/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 267: Applying options for localhost
debug1: /etc/ssh/ssh_config line 288: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/mevatlave/.ssh/id_rsa type 0
debug1: identity file /home/mevatlave/.ssh/id_rsa-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/mevatlave/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519 type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519_sk type -1
debug1: identity file /home/mevatlave/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_xmss type -1
debug1: identity file /home/mevatlave/.ssh/id_xmss-cert type -1
debug1: identity file /home/mevatlave/.ssh/id_dsa type -1
debug1: identity file /home/mevatlave/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: compat_banner: no match: Sun_SSH_2.2
debug1: Authenticating to localhost:2222 as 'vagrant'
debug1: load_hostkeys: fopen /home/mevatlave/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 127.0.0.1 port 2222: no matching host key type found. Their offer: ssh-rsa,ssh-dss
在网上搜索了很多解决方案,但没有成功。有什么提示吗?
在 virtualbox tty 上,我得到sshd[1234]: fatal: no hostkey alg
答案1
在SSH协议中,有不同类型的密钥,每种类型的密钥都允许一种或多种签名算法。服务器端使用的密钥类型是 RSA ( ssh-rsa) 和 DSA ( ssh-dss) 密钥。对于 RSA 密钥,存在三种签名:ssh-rsa(SHA-1)、rsa-sha2-256(SHA-256) 和rsa-sha2-512(SHA-512)。只有后两种签名是安全的;较旧的ssh-rsa签名类型和所有签名都ssh-dss使用 SHA-1,它已过时且不安全。 (按照现代标准,所使用的 DSA 密钥的大小也严重不足。)
不幸的是,您使用的虚拟机仅支持不安全的算法,因此没有安全的方法来连接它。最好的办法是使用不同的映像来实现更安全的操作系统或更安全的操作系统配置。
如果您绝对必须使用此图像,您可以运行ssh -o HostKeyAlgorithms=+ssh-rsa -p 2222 vagrant@localhost以便启用不安全ssh-rsa算法并连接。
答案2
我在 bk2204 的帮助下做了什么:
在Vagrantfile:
config.ssh.config = "ssh_config"
config.vm.provision "shell", inline: <<-SHELL
cat /path/to/.ssh/id_rsa.pub >> /export/home/vagrant/.ssh/authorized_keys
SHELL
在ssh_config;
User vagrant
HostKeyAlgorithms=+ssh-rsa
PubkeyAuthentication yes
IdentityFile /path/to/solaris/id_dsa
但即使我修改了 sshd 配置,使用密钥对登录也是不够的:
PasswordAuthentication no
PubkeyAuthentication yes