An H3C switch acting as the client cannot SSH into a Huawei switch, and no error is shown:
ssh2 10.*.*.11
Username: admin
Press CTRL+C to abort.
Connecting to 10.*.*.11 port 22.
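1. Other devices can log in to the Huawei switch, so the server's basic service is working.
2. The Huawei switch places no source-address restriction on SSH logins.
3. The H3C switch and the Huawei switch are in the same Layer 2 environment, so no security device or packet filter is intercepting the SSH packets.
4. With the H3C switch logging in as the client, enable debugging to watch the SSH negotiation: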
dis info-center
Information Center: Enabled # This shows Enabled (the default), meaning the information center module is on and debug output can be displayed normally. If it shows Disabled, you need to:
system-view
info-center enable
debugging ssh client all
<H3C>t d
<H3C>t m
<H3C>ssh2 10.*.*.11
Username: admin
Press CTRL+C to abort.
Connecting to 10.*.*.11 port 22.
*Jul 3 22:18:13:882 2024 OMR-208-E13-1.AM13 SSHC/7/EVENT: Kex strings(6): none,zlib
*Jul 3 22:18:13:882 2024 OMR-208-E13-1.AM13 SSHC/7/EVENT:Kex strings(8):
*Jul 3 22:18:13:882 2024 OMR-208-E13-1.AM13 SSHC/7/EVENT: Kex strings(7): none,zlib
*Jul 3 22:18:13:883 2024 OMR-208-E13-1.AM13 SSHC/7/EVENT: Kex: server->client, Encrypt: aes128-ctr, HMAC: hmac-sha2-256, Compress: none
*Jul 3 22:18:13:883 2024 OMR-208-E13-1.AM13 SSHC/7/EVENT:Kex strings(9):
*Jul 3 22:18:13:884 2024 OMR-208-E13-1.AM13 SSHC/7/EVENT: Kex: client->server, Encrypt: aes128-ctr, HMAC: hmac-sha2-256, Compress: none
*Jul 3 22:18:13:884 2024 OMR-208-E13-1.AM13 SSHC/6/SSHC_ALGORITHM_MISMATCH: Failed to log in to SSH server UNKNOWN because of publickey mismatch.
*Jul 3 22:18:13:885 2024 OMR-208-E13-1.AM13 SSHC/7/ERROR: No hostkey algorithm
----------As the output shows, the login fails because the client's and server's algorithms do not match.
# Turn off the diagnostic output
<H3C>u t m
<H3C>u t d
<H3C>undo debugging all
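Huawei, current state: ssh client publickey: rsa_sha2_256, rsa_sha2_512
Supported algorithms: ssh server publickey:
H3C, current state: Publickey algorithms: x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, rsa, dsa
Supported algorithms: ssh2 algorithm public-key:
The public key algorithm lists on the client and the server only need to have an algorithm in common.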
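
The overlap check described above, written out as an added example (not part of the original note and not vendor code). It applies the SSH name-list rule from RFC 4253 section 7.1 to the two lists on this page. Assumptions: the Huawei list is what the server offers, and the mapping from CLI keywords to SSH wire names in WIRE_NAMES is correct.

```python
# Assumed mapping from vendor CLI keywords to SSH wire names (not from the page).
WIRE_NAMES = {
    "rsa": "ssh-rsa",                  # H3C keyword, assumed RSA with SHA-1
    "dsa": "ssh-dss",                  # H3C keyword
    "rsa_sha2_256": "rsa-sha2-256",    # Huawei keyword
    "rsa_sha2_512": "rsa-sha2-512",    # Huawei keyword
}


def to_wire(names):
    """Translate CLI keywords to wire names; other names pass through."""
    return [WIRE_NAMES.get(n.strip(), n.strip()) for n in names]


def negotiate(client, server):
    """RFC 4253 rule: first name on the client's list that the server also lists."""
    offered = set(to_wire(server))
    return next((alg for alg in to_wire(client) if alg in offered), None)


def negotiate_all(client_lists, server_lists):
    """Negotiate every category; a value of None marks a mismatch."""
    return {cat: negotiate(names, server_lists.get(cat, []))
            for cat, names in client_lists.items()}


# Host key lists are the ones on the page. Cipher, MAC and compression are
# constructed one-entry lists holding the values the debug log shows as agreed.
H3C_CLIENT = {
    "cipher": ["aes128-ctr"], "mac": ["hmac-sha2-256"], "compress": ["none"],
    "hostkey": ["x509v3-ecdsa-sha2-nistp256", "x509v3-ecdsa-sha2-nistp384",
                "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "rsa", "dsa"],
}
HUAWEI_SERVER = {
    "cipher": ["aes128-ctr"], "mac": ["hmac-sha2-256"], "compress": ["none"],
    "hostkey": ["rsa_sha2_256", "rsa_sha2_512"],
}

if __name__ == "__main__":
    for cat, alg in negotiate_all(H3C_CLIENT, HUAWEI_SERVER).items():
        print(f"{cat:9} {alg or 'NO COMMON ALGORITHM'}")
    # Hypothetical change: the client list gains a name the server already has.
    # Whether either device supports this is not stated on the page.
    fixed = dict(H3C_CLIENT, hostkey=H3C_CLIENT["hostkey"] + ["rsa-sha2-256"])
    print("after change:", negotiate_all(fixed, HUAWEI_SERVER)["hostkey"])
```

`ssh-rsa` signs with SHA-1, so when choosing which side's list to extend, an rsa-sha2 or ECDSA overlap is the stronger choice where both devices support it.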