嗨,我想连接到一个SFTP服务器,但它一直失败,这个错误: DH GEX组超出范围
这是详细的日志…环顾四周,我发现问题与密钥大小有关
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to **** [****] port 22. debug1: Connection established. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Ubuntu-10 debug1: Remote protocol version 2.0, remote software version XFB.Gateway Windows debug1: no match: XFB.Gateway Windows debug1: Authenticating to ****:22 as 'User' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: diffie-hellman-group-exchange-sha1 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha1 compression: none debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha1 compression: none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent debug1: got SSH2_MSG_KEX_DH_GEX_GROUP ssh_dispatch_run_fatal: Connection to **** port 22: DH GEX group out of range Couldn't read packet: Connection reset by peer 这里build议的以下解决scheme不起作用:
-o KexAlgorithms = diffie-hellman-group-exchange-sha1 -o HostKeyAlgorithms = + ssh-dss
我也尝试这个build议这里的build议
KexDHMin = 1024
但我得到这个错误
command-line: line 0: Bad configuration option: kexdhmin
任何想法,我可以做什么来解决它?
你正在连接一个新的OpenSSH,它将最小的DH组大小调整到2048(这不是标准的,但没有理由为什么服务器不应该接受)到一些古老的Windows实现( XFB.Gateway Windows )。 这可能是一些商业软件,所以你应该联系你的供应商,以便他解决这个问题。
没有configuration选项来select这个最小DH组大小,所以你可能有一些运气使用不同的密钥交换algorithm,如果该服务器支持一个。 它将从debugging日志中用-vvv开关可见。