ssh连接远程欧拉系统时报错Unable to negotiate XXX no matching host key type

2024-02-05 11:21:03 浏览数 (2)

现象

在openeuler 22.03中,通过ssh连接远程欧拉服务器报错:

代码语言:javascript复制
[root@mdw ~]# ssh gpadmin@sdw1
Unable to negotiate with 100.194.18.75 port 22: no matching host key type found. Their offer: ssh-rsa



[root@lhropeneuler22 /]# rpm -qa | grep openssh
openssh-clients-8.8p1-22.oe2203.x86_64
openssh-server-8.8p1-22.oe2203.x86_64
openssh-8.8p1-22.oe2203.x86_64

分析

报错信息大概说的是没有匹配到类型为ssh-rsa的主机秘钥。

openssh觉得ssh-rsa加密方式不安全, 直接从8.8开始默认不允许这种密钥用于登陆了。

解决

方法1 永久

代码语言:javascript复制
echo 'HostKey /etc/ssh/ssh_host_ecdsa_key' >> /etc/ssh/sshd_config

systemctl restart sshd

方法2 临时

代码语言:javascript复制
ssh -o HostKeyAlgorithms= ssh-rsa user@host

方法3 永久

代码语言:javascript复制
cat > /root/.ssh/config <<"EOF"
Host *
  ServerAliveInterval 10
  HostKeyAlgorithms  ssh-rsa
  PubkeyAcceptedKeyTypes  ssh-rsa
EOF
chmod 600 /root/.ssh/config

mkdir -p /home/gpadmin/.ssh

cat > /home/gpadmin/.ssh/config <<"EOF"
Host *
  ServerAliveInterval 10
  HostKeyAlgorithms  ssh-rsa
  PubkeyAcceptedKeyTypes  ssh-rsa
EOF

chmod 600 /home/gpadmin/.ssh/config

chown gpadmin.gpadmin -R /home/gpadmin/.ssh

参考

https://www.jianshu.com/p/764249229bc4

https://www.cnblogs.com/feipeng8848/p/18003494

https://zhuanlan.zhihu.com/p/30840210?utm_id=0

https://zhuanlan.zhihu.com/p/616716090

0 人点赞