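Connecting to Legacy Devices over SSH on Windows
Today I happened to run into a problem with an old device and needed to connect to it over SSH to check it. Windows 10 ships with an ssh command, so I could connect directly without looking for any other tool.
The connection failed with a negotiation error. The target machine requires the group1-sha1 method of the Diffie-Hellman key exchange protocol, so I added the parameter and tried again.
I then hit another error: the old device only supports the 3des-cbc cipher. I had to add one more parameter.
So the whole command became this: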
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc root@192.168.248.216
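The result: still a problem. It reported an invalid key length.
After searching through various sources, I found that OpenSSH removed support for keys shorter than 1024 bits in version 7.6 and later.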
OpenSSH 7.6/7.6p1 (2017-10-03)
OpenSSH 7.6 was released on 2017-10-03. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Potentially-incompatible changes
This release includes a number of changes that may affect existing
configurations:
• ssh(1): delete SSH protocol version 1 support, associated
  configuration options and documentation.
• ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
• ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
  ciphers.
• Refuse RSA keys <1024 bits in length and improve reporting for keys
  that do not meet this requirement.
• ssh(1): do not offer CBC ciphers by default.
https://www.openssh.com/releasenotes.html
Check the SSH version on Windows 10:
ssh -V
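It is already 7.7, so it can no longer support the old device.
I found a Linux machine and looked at its SSH version information.
With that, I connected to the device without trouble.
As for the long parameters in the command, they can be specified in the configuration file instead. On Windows the configuration file lives in the .ssh directory under the user profile directory. There is no config file by default, so it has to be created manually. Write the following into it: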
Host 192.168.248.216
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +3des-cbc
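With this in place you can connect to the device directly, although it does nothing for the key-length problem. So in an environment with old devices, it is best to keep one machine that can still connect to them, just in case.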
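
As an added example (not part of the original post), the Python sketch below turns the ssh client's negotiation errors into a per-host block like the one above, so the legacy algorithms are enabled for that device only, and it flags hosts that fail with "Invalid key length", which no config option fixes. The sample error lines are constructed in the format the OpenSSH client prints, and `build_host_block` is a hypothetical helper name.

```python
import re

# Phrase in the client's negotiation error -> ssh_config keyword that controls it.
KEYWORDS = {
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
    "host key type": "HostKeyAlgorithms",
}
NEGOTIATE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port \d+: "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)"
)
KEY_LENGTH = re.compile(r"Connection to (?P<host>\S+) port \d+: Invalid key length")


def build_host_block(stderr_lines):
    """Return (config_text, unfixable_hosts) derived from ssh client error lines."""
    wanted = {}        # host -> {keyword: [algorithms the device offered]}
    unfixable = set()  # hosts rejected for key length; config cannot help
    for line in stderr_lines:
        m = NEGOTIATE.search(line)
        if m and m["what"] in KEYWORDS:
            algs = wanted.setdefault(m["host"], {}).setdefault(KEYWORDS[m["what"]], [])
            for alg in m["offer"].split(","):
                if alg not in algs:
                    algs.append(alg)
            continue
        m = KEY_LENGTH.search(line)
        if m:
            unfixable.add(m["host"])
    blocks = []
    for host, opts in wanted.items():
        # "+" appends to the client's defaults; only this Host entry is weakened.
        lines = [f"Host {host}"]
        lines += [f"    {kw} +{','.join(algs)}" for kw, algs in opts.items()]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks), sorted(unfixable)


# Constructed sample errors, one per failed attempt described in the post.
SAMPLE = [
    "Unable to negotiate with 192.168.248.216 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
    "Unable to negotiate with 192.168.248.216 port 22: no matching cipher found. Their offer: 3des-cbc",
    "ssh_dispatch_run_fatal: Connection to 192.168.248.216 port 22: Invalid key length",
]

if __name__ == "__main__":
    config, unfixable = build_host_block(SAMPLE)
    print(config)
    print("needs an older client:", unfixable)
```

When a device offers several algorithms, the block lists all of them; trim each line to the ones actually needed before saving it.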