解決辦法
如果最近升級到了 openssh 8.8 版,你會發現連線某些之前連線得好好的伺服器突然無法連線:
Unable to negotiate with x.x.x.x port 2222: no matching host key type found. Their offer: ssh-rsa
解決辦法是 ssh 命令指定演演算法:
ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa user@host -p 2222
上面比較麻煩,可以修改 ssh 配置檔案 ~/.ssh/config,對於無法成功連線的 host,增加以下配置項:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
完整的配置如下:
Host jump
Port 2222
HostName x.x.x.x
User ***
IdentityFile ~/.ssh/id_rsa
UseKeychain yes
AddKeysToAgent yes
PreferredAuthentications publickey
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
問題原因
根據 OpenSSH 8.8 Release Notes 資訊:
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).
從這裡可以知道,從 openssh 8.8 版本開始預設禁用了 ssh-rsa 演演算法,對於大部分情況,這次的更改是無感知的,當伺服器僅支援 ssh-rsa 演演算法時才會出現不相容的情況。
本地啟用 RSA/SHA1 支援僅僅只是一種權宜之計,官方建議是升級金鑰演演算法或使用另一種金鑰演演算法(例如 ECDSA 或 Ed25519 演演算法)。