出现问题现象:skywalker@skywalker-Ubuntu:/usr$ ssh username@Firewall’s IP No valid ciphers for protocol version 2 given, using defaults. ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits key_verify failed for server_host_key临时解决方法用ssh -v -1 -c des参数连接skywalker@skywalker-ubuntu:/usr$ ssh -v -1 -c des username@Firewall’s IP OpenSSH_4.6p1 Debian-5ubuntu0.1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 211.100.62.34 [211.100.62.34] port 22. debug1: Connection established. debug1: identity file /home/skywalker/.ssh/identity type -1 debug1: Remote protocol version 1.99, remote software version Cisco-1.25 debug1: no match: Cisco-1.25 debug1: Local version string SSH-1.5-OpenSSH_4.6p1 Debian-5ubuntu0.1 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (512 bits). debug1: Host ‘211.100.62.34′ is known and matches the RSA1 host key. debug1: Found key in /home/skywalker/.ssh/known_hosts:6 debug1: Encryption type: des debug1: Sent encrypted session key. Warning: use of DES is strongly discouraged due to cryptographic weaknesses debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Doing password authentication. pix@211.100.62.34’s password:永久解决方法如果你不想每次都带着一大串参数SSH,就需要重新生成一个合适的key,步骤如下:登录到PIX,可以用上面的方法ssh >enable configure terminal crypto key zeroize rsa 清除现存RSA KEY crypto key generate rsa modulus 1024 noconfirm 生成新的RSA KEY 如果你在刚才使用上面的方式SSH登录,那么现在你的机器中储存的KEY将与PIX不符,SSH将会提示这样的错误:@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is xx.xx.xx.xx Please contact your system administrator. Add correct host key in /home/skywalker/.ssh/known_hosts to get rid of this message. Offending key in /home/skywalker/.ssh/known_hosts:5 RSA host key for Firewall’s IP has changed and you have requested strict checking. Host key verification failed.你必须首先在/.ssh/known_hosts中清除对应PIX的失效KEY ,如果不知道哪个KEY是PIX的,将known_hosts全部清除也没有关系,只是在第一次登录其他机器的时候,需要确认一次(yes/no)。清除掉失效KEY后,ssh就可以正常登录PIX了。 Linux操作系统下安装SAVFL杀毒软件Linux环境下用iptable实现动态防火墙相关资讯 Linux防火墙
易网时代-编程资源站