英文:
Connecting to a Cisco Switch with crypto/ssh
问题
我正在使用这段代码https://gist.github.com/svett/b7f56afc966a6b6ac2fc作为起点。
使用它并将其指向思科路由器时,我得到以下错误消息:
连接失败:ssh:握手失败:ssh:客户端到服务器的加密算法不兼容;客户端提供的算法:[aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128],服务器提供的算法:[aes128-cbc 3des-cbc aes192-cbc aes256-cbc]
经过一些阅读,我了解到我可以通过自定义配置来启用aes128-cbc:
// CBC模式是不安全的,因此默认配置中不包含它。
// (参见http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf)。如果绝对需要,可以指定自定义配置来启用它。
所以我添加了:
HostKeyAlgorithms: []string{"aes128cbcID"},
到我的ssh.ClientConfig,然后我得到了一个不同的错误:
连接失败:ssh:握手失败:ssh:主机密钥的算法不兼容;客户端提供的算法:[aes128cbcID],服务器提供的算法:[ssh-rsa]
这基本上让我认为我正在指定HostKeyAlgorithm,而实际上我需要指定客户端到服务器的加密算法,但我找不到解决方法。
有什么想法吗?
英文:
I am using this code https://gist.github.com/svett/b7f56afc966a6b6ac2fc as a starting point.
Using it and pointing it to a cisco router gets me the following error message:
Failed to dial: ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes128-cbc 3des-cbc aes192-cbc aes256-cbc]
After doing some reading, I learned that I could enable aes128-cbc by customizing the config:
// CBC mode is insecure and so is not included in the default config.
// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
// needed, it's possible to specify a custom Config to enable it.
So I added :
HostKeyAlgorithms: []string{"aes128cbcID"},
to my ssh.ClientConfig and I got a different error:
Failed to dial: ssh: handshake failed: ssh: no common algorithm for host key; client offered: [aes128cbcID], server offered: [ssh-rsa]
This basically makes me think I'm specifying the HostKeyAlgorithm when I need to specify the client to server cipher, but I cannot find my way around well enough to figure out how to do so.
Any ideas?
答案1
得分: 7
你想要的是在客户端配置中设置Ciphers
字段。它位于ssh.ClientConfig
中嵌入的通用ssh.Config
结构体中。
sshConfig.Ciphers = []string{"aes128-cbc"}
英文:
What you want is to set the Ciphers
field in the client's config. It's in the common ssh.Config
struct, embedded in the ssh.ClientConfig
sshConfig.Ciphers = []string{"aes128-cbc"}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论