解决OpenSSH7连接失败问题
本文详细解释了OpenSSH7.0连接失败的原因,由于diffie-hellman-group1-sha1算法被认为存在安全风险,导致客户端与服务器无法协商一致的密钥交换算法。文章提供了两种解决方案,一是升级服务器配置避免使用过时算法,二是临时在客户端重新启用该算法。
原文链接:https://mycyberuniverse.com/error/no-matching-key-exchange-method-found-openssh7.html
What causes this problem
OpenSSH 7.0 deprecated the diffie-hellman-group1-sha1 key algorithm because it is weak and within theoretical range of the so-called Logjam attack. See the www.openssh.com/legacy.html page for more information.
If the client and server are unable to agree on a mutual set of parameters then the connection will fail. OpenSSH (7.0 and greater) will produce an error message like this:
Unable to negotiate with host: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
In this case, the client and server were unable to agree on the key exchange algorithm because the server offered only a single method diffie-hellman-group1-sha1.
How to fix it
The best resolution for these failures is to upgrade/configure the server to not use deprecated algorithms. If that is not possible, you can force the client to re-enable the diffie-hellman-group1-sha1 key exchange algorithm with the -oKexAlgorithms=+diffie-hellman-group1-sha1 option on the command-line:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host
or in the ~/.ssh/config file:
Host somehost.example.org
KexAlgorithms +diffie-hellman-group1-sha1注意:这里的两行代码分开写,另外Host后面的网址不要用IP地址代替(如果dns无法解析就在hosts文件中添加即可)
If this article helped you solve the problem then please leave a comment. 
Thanks for reading!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
