그래서 ssh에는 이 옵션이 있습니다 HostKeyAlgorithms. 사용 예:
ssh -o "HostKeyAlgorithms ssh-rsa" user@hostname
서버 키를 사용하여 클라이언트를 연결하려고 하는데 ecdsa올바른 문자열을 찾을 수 없습니다.
사용 가능한 목록을 얻으려면 어떤 명령을 사용할 수 있습니까 HostKeyAlgorithms?
답변1
ssh -Q key
OpenSSH의 고대 버전이 없다면 소스 다이빙을 하거나 실행하여 ssh -v -v -v ...원하는 것이 나타나는지 확인하세요.
답변2
~에서ssh_config manual페이지:
HostKeyAlgorithms
Specifies the protocol version 2 host key algorithms that the client wants to use in order of preference. The default for this option is:
[email protected],
[email protected],
[email protected],
[email protected],[email protected],
[email protected],[email protected],
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-rsa,ssh-dss
If hostkeys are known for the destination host then this default is modified to prefer their algorithms.
답변3
-Q아무도 이 플래그에 대한 문서를 올바르게 읽고 있는 것 같지 않습니다 ssh.
man ssh설명하다:
-Q query_option
Queries ssh for the algorithms supported for the specified version 2. The available features are:
cipher (supported symmetric ciphers), cipher-auth (supported symmetric ciphers that support authenti‐
cated encryption), help (supported query terms for use with the -Q flag), mac (supported message integ‐
rity codes), kex (key exchange algorithms), kex-gss (GSSAPI key exchange algorithms), key (key types),
key-cert (certificate key types), key-plain (non-certificate key types), key-sig (all key types and sig‐
nature algorithms), protocol-version (supported SSH protocol versions), and sig (supported signature al‐
gorithms). Alternatively, any keyword from ssh_config(5) or sshd_config(5) that takes an algorithm list
may be used as an alias for the corresponding query_option.
ssh -Q설치된 SSH 버전에 대해 사용 가능한 모든 정보를 덤프하는 방법은 다음과 같습니다 .
for F in $(ssh -Q help); do
printf "=== $F ===\n"
ssh -Q $F
echo ""
done
내 결과는 다음과 같습니다
=== cipher ===
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
[email protected]
aes128-ctr
aes192-ctr
aes256-ctr
[email protected]
[email protected]
[email protected]
=== cipher-auth ===
[email protected]
[email protected]
[email protected]
=== mac ===
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
=== kex ===
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]
[email protected]
=== kex-gss ===
gss-gex-sha1-
gss-group1-sha1-
gss-group14-sha1-
gss-group14-sha256-
gss-group16-sha512-
gss-nistp256-sha256-
gss-curve25519-sha256-
=== key ===
ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
=== key-cert ===
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
=== key-plain ===
ssh-ed25519
[email protected]
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
=== key-sig ===
ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
=== protocol-version ===
2
=== sig ===
ssh-ed25519
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
ssh이 옵션을 사용하여 호스트에 연결하려고 할 때 실제로 사용되는 구성을 디버깅하려면 디버깅할 때 도움이 될 수 있습니다 -G. 그러면 cipher, mac및 매개변수에 대해 hostKeyAlgorithm선택된 값을 포함한 모든 구성 옵션이 나열됩니다 KexAlgorithm.
ssh -G [email protected]
이는 일반적인 출력입니다.
user ubuntu
hostname 35.171.333.444
port 22
addkeystoagent false
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression yes
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 yes
forwardx11trusted yes
gatewayports no
gssapiauthentication yes
gssapikeyexchange no
gssapidelegatecredentials no
gssapitrustdns no
gssapirenewalforcesrekey no
gssapikexalgorithms gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1-
hashknownhosts yes
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
ignoreunknown Password
kexalgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /usr/bin/xauth
identityfile ~/.ssh/rsa-2020-11-03
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
forwardagent yes
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER
답변4
이 질문은 "list ssh "key exchange Algorithm""을 검색할 때 첫 번째 답변이므로 해당 답변도 제공하겠습니다.
클라이언트 SSH 키 교환 알고리즘을 나열합니다.
ssh -Q kex
서버 SSH 키 교환 알고리즘을 나열합니다.
sudo sshd -T | grep kex