[研究]CentOS Stream 9 用 ssh 連線 CentOS 6.10 失敗之解決
2022-10-25
********************************************************************************
10.3.99.32 是 CentOS 6.10
[user1@localhost ~]$ ssh root@10.3.99.32
The authenticity of host '10.3.99.32 (10.3.99.32)' can't be established.
RSA key fingerprint is SHA256:lovqRDFWqrS++sqlWTN4vFqGpGYommbXGZx9ZXKaaSs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.3.99.32' (RSA) to the list of known hosts.
ssh_dispatch_run_fatal: Connection to 10.3.99.32 port 22: error in libcrypto
[user1@localhost ~]$
|
CentOS 9 的 OpenSSL 是 3.0.1 版;CentOS 6.10 的 OpenSSL 是 1.0
[user1@localhost ~]$ yum list | grep openssl
apr-util-openssl.x86_64 1.6.1-20.el9
openssl.x86_64 1:3.0.1-18.el9
openssl-libs.x86_64 1:3.0.1-18.el9
openssl-pkcs11.x86_64 0.4.11-7.el9
xmlsec1-openssl.x86_64 1.2.29-9.el9
anope-openssl.x86_64 2.0.11-1.el9
compat-openssl11.i686 1:1.1.1k-4.el9
compat-openssl11.x86_64 1:1.1.1k-4.el9
ghc-openssl-streams.x86_64 1.2.3.0-4.el9
ghc-openssl-streams-devel.x86_64 1.2.3.0-4.el9
ghc-openssl-streams-doc.noarch 1.2.3.0-4.el9
ghc-openssl-streams-prof.x86_64 1.2.3.0-4.el9
globus-gsi-openssl-error.x86_64 4.4-1.el9
globus-gsi-openssl-error-devel.x86_64 4.4-1.el9
globus-gsi-openssl-error-doc.noarch 4.4-1.el9
globus-openssl-module.x86_64 5.2-2.el9
globus-openssl-module-devel.x86_64 5.2-2.el9
globus-openssl-module-doc.noarch 5.2-2.el9
lighttpd-mod_openssl.x86_64 1.4.67-1.el9
openssl.x86_64 1:3.0.1-41.el9
openssl-devel.i686 1:3.0.1-41.el9
openssl-devel.x86_64 1:3.0.1-41.el9
openssl-libs.i686 1:3.0.1-41.el9
openssl-libs.x86_64 1:3.0.1-41.el9
openssl-perl.x86_64 1:3.0.1-41.el9
openssl-pkcs11.i686 0.4.11-7.el9
python3-types-pyopenssl.noarch 21.0.1-2.el9
rsyslog-openssl.x86_64 8.2102.0-105.el9
xmlsec1-openssl.i686 1.2.29-9.el9
[user1@localhost ~]$
|
CentOS 9 沒有 libcrypto
|
[user1@localhost ~]$ yum list | grep libcrypto
[user1@localhost ~]$ dnf list | grep libcrypto
[user1@localhost ~]$ |
CentOS 9 上 OpenSSH
|
[root@localhost ~]# dnf list | grep openssh
openssh.x86_64 8.7p1-10.el9_0
openssh-clients.x86_64 8.7p1-10.el9_0
openssh-server.x86_64 8.7p1-10.el9_0
openssh-askpass.x86_64 8.7p1-10.el9_0
openssh-keycat.x86_64 8.7p1-10.el9_0
[root@localhost ~]# |
CentOS 6.10 的 OpenSSL 是 1.0
|
CentOS 6.10 沒有 libcrypto
|
[user1@localhost ~]$ yum list | grep libcrypto
[user1@localhost ~]$ |
CentOS 6.10 上 OpenSSH
|
[root@aplog ~]# yum list | grep openssh
openssh.x86_64 5.3p1-124.el6_10 @updates
openssh-askpass.x86_64 5.3p1-124.el6_10 @updates
openssh-clients.x86_64 5.3p1-124.el6_10 @updates
openssh-server.x86_64 5.3p1-124.el6_10 @updates
gsi-openssh.x86_64 5.3p1-20.el6 epel
gsi-openssh-clients.x86_64 5.3p1-20.el6 epel
gsi-openssh-server.x86_64 5.3p1-20.el6 epel
openssh-ldap.x86_64 5.3p1-124.el6_10 updates
razorqt-openssh-askpass.x86_64 0.5.2-13.el6 epel
[root@aplog ~]#
|
********************************************************************************
解決
在 CentOS 9 上執行 update-crypto-policies ( CentOS 6.x 不支援)
[root@localhost ~]# ssh root@10.3.99.32 ssh_dispatch_run_fatal: Connection to 10.3.99.32 port 22: error in libcrypto [root@localhost ~]# update-crypto-policies --set DEFAULT:SHA1 Setting system policy to DEFAULT:SHA1 Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. [root@localhost ~]# systemctl restart sshd [root@localhost ~]# ssh root@10.3.99.32 root@10.3.99.32's password: Permission denied, please try again. root@10.3.99.32's password: Last login: Tue Oct 25 10:15:40 2022 from 10.3.121.11 [root@host32 ~]# |
(完)
相關
沒有留言:
張貼留言