什么是openssh默认kexalgorithms?
如果KexAlgorithms没有在ssh配置文件中显式配置,那么openssh可以使用的默认密钥交换算法是什么?
我使用的openssh版本是OpenSSH_6.4p1。
回答 2
Stack Overflow用户
发布于 2015-09-21 11:02:53
经过进一步检查,可以通过两种方式获取此信息。
从sshd_config(5)手册页读取
KexAlgorithms指定可用的KEX (密钥交换)算法。多个算法必须用逗号分隔。默认值为ecdh-sha2-nistp256、ecdh-sha2-nistp384、ecdh-sha2-nistp521、diffie-hellman-group-exchange-sha256、diffie-hellman-group-exchange-sha1、diffie-hellman group14-sha1、diffie-hellman group1-sha1。
- 从
ssh -vvv日志读取(第一部分是客户端支持的kexalgorithm,hmac,ciphers;第二部分是sshd服务器的。)
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,河豚-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256,hmac-sha2-512hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit:保留0 debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman group14-sha1,diffie-hellman group1-sha1 debug2: kex_parse_kexinit: ssh-rsa debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc,cast128-cbc,arcfour debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-cbc,aes192-cbc,AES256-cbc,arcfour256,四个ARC128,3DES-cbc,blowfish-cbc,ctr 128-cbc,arcfour debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac 64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,256hmac-sha2-512 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,支持算法的zlib@openssh.com
- query
ssh:ssh -Q kex server(大写-Q)
diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group1-sha1 curve25519-sha256@libssh.org
Stack Overflow用户
发布于 2018-12-22 01:56:36
ssh -G 192.168.1.2显示了包含kexalgorithms的配置。例如,
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1如果您只想为kexalgorithms配置diffie-hellman-group1-sha1,
ssh -oKexAlgorithms=diffie-hellman-group1-sha1 username@192.168.1.2https://stackoverflow.com/questions/32686530
复制相似问题
腾讯云开发者
