Ubuntu密钥交换Algo
Ubuntu密钥交换Algo
提问于 2021-06-07 08:34:21
我正在尝试测试几个网络设备的连接性,使用Ansible ad安装在Ubuntu20.04.2LTS上。
问题是: SSH不能工作,因为设备的密钥交换方法只有ssh-RSA,服务器不支持这一点。尝试执行ssh-RSA,但我知道它是不可用的,因为它不是作为密码协商中的关键交换方法之一发送的。
Ansible_output:
(venv) omera@sandbox:~/code/ansible/play_06$ ansible all -m ping
edge_02 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 192.168.1.201 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": true
}
edge_01 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 192.168.1.200 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": true
}
core_01 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 192.168.1.202 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": trueedge_02_debug_output:
Edge_02#
*Jun 7 07:49:14.738: SSH0: starting SSH control process
*Jun 7 07:49:14.738: SSH0: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 7 07:49:14.741: SSH0: protocol version id is - SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
*Jun 7 07:49:14.741: SSH2 0: Server certificate trustpoint not found. Skipping hostkey algo = x509v3-ssh-rsa
*Jun 7 07:49:14.741: SSH2 0: kexinit sent: hostkey algo = ssh-rsa
*Jun 7 07:49:14.741: SSH2 0: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
*Jun 7 07:49:14.741: SSH2 0: kexinit sent: mac algo = hmac-sha1,hmac-sha1-96
*Jun 7 07:49:14.741: SSH2 0: SSH2_MSG_KEXINIT sent
*Jun 7 07:49:14.741: SSH2 0: SSH2_MSG_KEXINIT received
*Jun 7 07:49:14.741: SSH2 0: kex: client->server enc:aes128-ctr mac:hmac-sha1
*Jun 7 07:49:14.741: SSH2 0: kex: server->client enc:aes128-ctr mac:hmac-sha1
*Jun 7 07:49:14.741: %SSH-3-NO_MATCH: No matching kex algorithm found: client curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1我担心的是,是否可以将RSA设置为ubuntu上的密钥交换方法(ansible正使用sshpass)?
ii sshpass 1.06-1 amd64 Non-interactive ssh password authentication回答 1
Server Fault用户
回答已采纳
发布于 2021-06-07 14:02:44
默认情况下,ansible使用OpenSSH,这对较旧的IOS版本有点挑剔。您必须在~/..ssh/config中启用Diffie-Hellman密钥交换和一些旧的密码。
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc或者,你可以尝试帕拉米科的运输。
[defaults]
inventory = /root/hosts
host_key_checking=False
timeout = 30
transport = paramiko虽然这些指令对于IOS来说通常是正确的,但我相当肯定,在IOU设备上,您也面临着类似的问题。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1065936
复制相关文章
相似问题
腾讯云开发者
