现象
在openeuler 22.03中,通过ssh连接远程欧拉服务器报错:
代码语言:javascript复制[root@mdw ~]# ssh gpadmin@sdw1
Unable to negotiate with 100.194.18.75 port 22: no matching host key type found. Their offer: ssh-rsa
[root@lhropeneuler22 /]# rpm -qa | grep openssh
openssh-clients-8.8p1-22.oe2203.x86_64
openssh-server-8.8p1-22.oe2203.x86_64
openssh-8.8p1-22.oe2203.x86_64
分析
报错信息大概说的是没有匹配到类型为ssh-rsa的主机秘钥。
openssh觉得ssh-rsa加密方式不安全, 直接从8.8开始默认不允许这种密钥用于登陆了。
解决
方法1 永久
代码语言:javascript复制echo 'HostKey /etc/ssh/ssh_host_ecdsa_key' >> /etc/ssh/sshd_config
systemctl restart sshd
方法2 临时
代码语言:javascript复制ssh -o HostKeyAlgorithms= ssh-rsa user@host
方法3 永久
代码语言:javascript复制cat > /root/.ssh/config <<"EOF"
Host *
ServerAliveInterval 10
HostKeyAlgorithms ssh-rsa
PubkeyAcceptedKeyTypes ssh-rsa
EOF
chmod 600 /root/.ssh/config
mkdir -p /home/gpadmin/.ssh
cat > /home/gpadmin/.ssh/config <<"EOF"
Host *
ServerAliveInterval 10
HostKeyAlgorithms ssh-rsa
PubkeyAcceptedKeyTypes ssh-rsa
EOF
chmod 600 /home/gpadmin/.ssh/config
chown gpadmin.gpadmin -R /home/gpadmin/.ssh
参考
https://www.jianshu.com/p/764249229bc4
https://www.cnblogs.com/feipeng8848/p/18003494
https://zhuanlan.zhihu.com/p/30840210?utm_id=0
https://zhuanlan.zhihu.com/p/616716090
