发布时间: 2019-07-12 | 浏览次数: 1245 | 下载次数: 2 | 作者: lWX466148 | 文档编号: EKB1100010561
网管管理员使用Stelnet帐户在网管侧登录NE20E-s路由器测试不成功,登录NE20E-s发现日志有如下报错:
2019-03-12, 08:33:42:699 Failed to login through SSH. (ServiceType=**, UserName=Could not extract user name, IPAddress=10.1.1.100, FailedReason=Failed to negotiate the digest algorithm.)
2019-03-12, 08:29:53:716 Failed to login through SSH. (ServiceType=**, UserName=Could not extract user name, IPAddress=10.1.1.100, FailedReason=Failed to negotiate the digest algorithm.)
日志显示,怀疑是算法协商有问题,再次收集debug信息,看debug结果确实是和网管协商key-exchange 算法失败,如下:
Mar 14 2019 05:10:40.551 NE20ES4 %%01SSHS/7/SSHS_DBG_SSH_PACKET_SENT(d):VS=Admin-VS-CID=0x8093043f;SSH protocol packet sent. (Channel Id = 135168, Packet Type = SSH2_MSG_KEXINIT).
Mar 14 2019 05:10:40.551 NE20ES4 %%01SSHS/7/SSHS_DBG_SSH_FSM_STATE_CHANGE(d):VS=Admin-VS-CID=0x8093043f;SSH FSM state changed. (Channel Id = 135168, Old state = SSH_MAIN_VERSION_MATCH, New state = SSH_MAIN_SSH_PROCESS).
Mar 14 2019 05:10:40.551 NE20ES4 %%01SSHS/7/SSHS_DBG_SSH_FSM_STATE_CHANGE(d):VS=Admin-VS-CID=0x8093043f;SSH FSM state changed. (Channel Id = 135168, Old state = SSH_SUB1_KEX_INIT, New state = SSH_SUB1_KEX_INIT).
2019-03-14 05:10:40(12) NE20ES4 %%01SSHS/7/SSHS_DEBUG_DIAG_MSG(D):VS=Admin-VS-CID=0x8093043f;(Message = SSH Server recieved packet type 20 from remote SSH Client).
Mar 14 2019 05:10:40.560 NE20ES4 %%01SSHS/7/SSHS_DBG_SSH_PACKET_RECEIVED(d):VS=Admin-VS-CID=0x8093043f;SSH protocol packet received. (Channel Id = 135168, Packet Type = SSH2_MSG_KEXINIT).
Mar 14 2019 05:10:40.560 NE20ES4 %%01SSHS/7/SSHS_DBG_SSH2_KEX_CHOOSE_FAIL(d):VS=Admin-VS-CID=0x8093043f;Choosing key exchange algorithm failed. (Channel Id = 135168).
根据以上信息,确认是ssh算法不对应的问题导致。
因我们默认是没有开启所有的算法的,把所有算法都开启问题解决。配置如下:
ssh server key-exchange 后面加所有算法即可。
