Diffie-Hellman Key Agreement Protocol ÊÇÒ»ÖÖÃÜÔ¿ÐÉÌÐÒ飬µÍ°æ±¾µÄ OpenSSH ÖÐʹÓÃÁËÕâÖÖ¹ýʱ²»°²È«µÄ¼ÓÃÜËã·¨ÐÒ飬ͨ³£ OpenSSH ÔÚ°æ±¾µü´ú¸üÐÂʱ»áÆúÓÃÕâЩ²»°²È«µÄ¼ÓÃÜËã·¨£¬Òò´ËÐÞ¸´Õâ¸ö©¶´µÄ×î¼òµ¥ÍêÃÀµÄ·½°¸ÊÇÉý¼¶ OpenSSH µ½×îеİ汾£¬Éý¼¶°ì·¨¿ÉÒԲο¼±¾Õ¾£ºCentos7ϵͳÉý¼¶OpenSSHµ½openssh-8.*°æ±¾µÄ·½·¨
Èç¹ûÒòΪһЩ¿Í¹ÛÔÒò£¬ÎÒÃÇÈÔÒª¼ÌÐøʹÓþɰ汾µÄ OpenSSH £¬ÄÇô¿ÉÒÔ¸ù¾Ýʵ¼ÊÇé¿ö£¬ÆÁ±Îµô²»°²È«µÄ¼ÓÃÜËã·¨£¬ÒÔ½µµÍ°²È«·çÏÕ¡£¾ßÌå·½·¨ÈçÏ£º
ÔËÐÐÏÂÃæµÄ´úÂ룬ÐÞ¸Ä sshd_config ÅäÖÃÎļþ£¬ÆÁ±Îµô²»°²È«µÄ KexAlgorithms¡£
man sshd_config |grep -A 40 -w KexAlgorithms
echo "KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1" >> /etc/ssh/sshd_config
systemctl restart sshd
sshd -T | grep -w kexalgorithmsÆäÖÐ sshd_config µÄÅäÖòÎÊý˵Ã÷ÈçÏ£º
- µ±Ç° openssh °æ±¾Ö§³ÖµÄËã·¨ÁбíºÍ²ÎÊýÓ÷¨¿ÉÒÔ´Ó°ïÖúÎĵµÖвéÕÒµ½¡£
- Ö¸¶¨¿ÉÓÃµÄ KEX (Key Exchange) Ëã·¨£¬¶à¸öËã·¨Ö®¼ä±ØÐëÒÔ¶ººÅ·Ö¸ô¡£
- ÁíÍ⣬Èç¹ûÖ¸¶¨µÄÁбíÒÔ¡¯ + ¡®×Ö·û¿ªÍ·£¬ÔòÖ¸¶¨µÄËã·¨½«±»×·¼Óµ½Ä¬Èϼ¯£¬¶ø²»ÊÇÌæ»»ÔÓÐĬÈϵġ£
- Èç¹ûÖ¸¶¨µÄÁбíÒÔ¡¯ ¨C ¡®×Ö·û¿ªÍ·£¬ÔòÖ¸¶¨µÄËã·¨(°üÀ¨Í¨Åä·û)½«´ÓĬÈϼ¯ÖÐɾ³ý£¬¶ø²»ÊÇÌæ»»¡££¨ÑÝʾ»·¾³ÖÐµÄ openssh7.4 ²»Ö§³Ö£©
- Èç¹ûÖ¸¶¨µÄÁбíÒÔ¡¯ ^ ¡®×Ö·û¿ªÍ·£¬ÔòÖ¸¶¨µÄËã·¨½«±»·ÅÔÚĬÈϼ¯µÄ¿ªÍ·¡££¨ÑÝʾ»·¾³ÖÐµÄ openssh7.4 ²»Ö§³Ö£©
Ãɹ«Íø°²±¸ 15010502000974ºÅ