MAC SSH问题

问题描述

在Mac OS 系统中，当我们使用Terminal通过ssh去连接一个远程主机，可能会遇到以下报错

JUNLI5-M-R24U:~ junli$ ssh admin@10.75.169.43 Unable to negotiate with 10.75.169.43 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

解决方案

Terminal找不到支持的密钥交换方法，因为新版Openssh中认为SHA1这种hash散列算法过于薄弱，已经不再支持，所以我们需要手动去enable对于SHA1的支持

JUNLI5-M-R24U:ssh junli$ vim /etc/ssh/ssh_config 取消注释这两行内容： MACs hmac-md5,hmac-sha1,your.email@example.com,hmac-ripemd160 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc 并且在文件结尾添加： HostkeyAlgorithms ssh-dss,ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1

Locate the line ‘ # MACs hmac-md5,hmac-sha1,your.email@example.com,hmac-ripemd160′ and remove the Hash/Pound sight from the beginning. Locate the line ‘ # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc’ and remove the Hash/Pound sight from the beginning. Then paste the following on the end; HostkeyAlgorithms ssh-dss,ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1

编辑后/etc/ssh/ssh_config完整的文件内容如下

# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. # Host * # ForwardAgent no # ForwardX11 no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Protocol 2 # Cipher 3des Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc MACs hmac-md5,hmac-sha1,your.email@example.com,hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h HostkeyAlgorithms ssh-dss,ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1