Connecting to a Cisco Switch with crypto/ssh

Question

I am using this code https://gist.github.com/svett/b7f56afc966a6b6ac2fc as a starting point.

Using it and pointing it to a Cisco router gets me the following error message:

Failed to dial: ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes128-cbc 3des-cbc aes192-cbc aes256-cbc]

After doing some reading, I learned that I could enable aes128-cbc by customizing the config:

// CBC mode is insecure and so is not included in the default config.
// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
// needed, it's possible to specify a custom Config to enable it.

So I added:

HostKeyAlgorithms: []string{"aes128cbcID"},

to my ssh.ClientConfig and I got a different error:

Failed to dial: ssh: handshake failed: ssh: no common algorithm for host key; client offered: [aes128cbcID], server offered: [ssh-rsa]

This basically makes me think I'm specifying the HostKeyAlgorithm when I need to specify the client to server cipher, but I cannot find my way around well enough to figure out how to do so.

Any ideas?

Answer 1

Score: 7

What you want is to set the Ciphers field in the client's config. It's in the common ssh.Config struct, embedded in the ssh.ClientConfig.

sshConfig.Ciphers = []string{"aes128-cbc"}
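
An added example, not part of the original question or answer: a small standard-library Go helper that reads a negotiation error in the format quoted above and reports which ssh.ClientConfig field governs the failed category, which is the distinction the question tripped over. Diagnose, Diagnosis and fieldFor are names made up for this example; the category strings beyond the two shown on this page are the ones golang.org/x/crypto/ssh uses in the same message.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// The two handshake errors quoted in the question (leading "Failed to dial: " dropped).
const (
	cipherErr  = "ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes128-cbc 3des-cbc aes192-cbc aes256-cbc]"
	hostKeyErr = "ssh: handshake failed: ssh: no common algorithm for host key; client offered: [aes128cbcID], server offered: [ssh-rsa]"
)

var negotiationRe = regexp.MustCompile(`no common algorithm for ([^;]+); client offered: \[([^\]]*)\], server offered: \[([^\]]*)\]`)

// fieldFor maps the category named in the error to the client setting that controls it.
var fieldFor = map[string]string{
	"key exchange": "Config.KeyExchanges", "host key": "ClientConfig.HostKeyAlgorithms",
	"client to server cipher": "Config.Ciphers", "server to client cipher": "Config.Ciphers",
	"client to server MAC": "Config.MACs", "server to client MAC": "Config.MACs",
}

// Diagnosis names the setting to change and what the server would accept there.
type Diagnosis struct {
	Field      string   // field of ssh.ClientConfig (Config.* is the embedded ssh.Config)
	ServerOnly []string // offered by the server but not by the client
	CBCOnly    bool     // every algorithm the server offers is a CBC-mode cipher
}

func Diagnose(msg string) (Diagnosis, error) {
	m := negotiationRe.FindStringSubmatch(msg)
	if m == nil || fieldFor[m[1]] == "" {
		return Diagnosis{}, fmt.Errorf("not a recognised algorithm negotiation error: %q", msg)
	}
	server := strings.Fields(m[3])
	d := Diagnosis{Field: fieldFor[m[1]], CBCOnly: len(server) > 0}
	for _, alg := range server {
		if !strings.Contains(" "+m[2]+" ", " "+alg+" ") {
			d.ServerOnly = append(d.ServerOnly, alg)
		}
		d.CBCOnly = d.CBCOnly && strings.HasSuffix(alg, "-cbc")
	}
	return d, nil
}

func main() {
	fmt.Println(Diagnose(cipherErr))
	fmt.Println(Diagnose(hostKeyErr))
}
```

CBCOnly is true for the first error: the server offers nothing but the CBC ciphers that the package comment quoted in the question calls insecure, so the Ciphers override is best kept to the config used for that device.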

Posted by huangapple on 2016-02-19 06:15:09