paramiko 不兼容的 ssh peer(没有可接受的 kex 算法) [英] paramiko Incompatible ssh peer (no acceptable kex algorithm)

问题描述

我在尝试使用 paramiko 库通过 ssh 连接到 Cisco ACS 设备时收到以下错误.我在 python 中使用 paramiko 没有问题，我可以从命令行 ssh 到这个框，或者使用 putty 没有问题.我已经打开调试并在此处复制了信息.如果你能帮我，请告诉我.

I'm getting the following error when trying to ssh to a Cisco ACS device using the paramiko library. I've used paramiko in python without issue, and I can ssh to this box from the command line, or using putty without issue. I've turned on debugging and copied the info here. Please let me know if you can help me out.

import paramiko
import sys
import socket

try:
    paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG)
    sshConnection = paramiko.SSHClient()
    sshConnection.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    sshConnection.connect('server',username='username',password='password')
except paramiko.BadAuthenticationType:
    sys.stdout.write('Bad Password!\n')     
    sys.exit()
except paramiko.SSHException, sshFail:
    sys.stdout.write('Connection Failed!\n')
    sys.stdout.write('%s\n' % sshFail)
    sys.exit()
except socket.error, socketFail:
    sys.stdout.write('Failed to open socket\n')
    sys.stdout.write('%s\n' % socketFail)
    sys.exit()

和调试输出返回:

DEBUG:paramiko.transport:starting thread (client mode): 0x14511d0L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group14-sha1'] server key:['ssh-rsa'] client encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] server encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] client mac:['hmac-sha1'] server mac:['hmac-sha1'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
ERROR:paramiko.transport:Exception: Incompatible ssh peer (no acceptable kex algorithm)
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1546, in run
ERROR:paramiko.transport:    self._handler_table[ptype](self, m)
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1618, in _negotiate_keys
ERROR:paramiko.transport:    self._parse_kex_init(m)
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1731, in _parse_kex_init
ERROR:paramiko.transport:    raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
ERROR:paramiko.transport:SSHException: Incompatible ssh peer (no acceptable kex algorithm)
ERROR:paramiko.transport:
Connection Failed!
Incompatible ssh peer (no acceptable kex algorithm)

我确保我安装了最新版本的 pycrypto 和 paramiko.

I've made sure I have the most recent versions of pycrypto and paramiko installed.

推荐答案

我在服务器端的 Debian 8 和 OpenSSH 中遇到了类似的问题.

I was having similar issue with Debian 8 and OpenSSH on the server side.

作为快速修复，服务器端的以下密码/MACs/KexAlgorithms 设置修复了该问题:

As a quick fix, the following Cipher/MACs/KexAlgorithms settings on the server side fixes the issue:

在/etc/ssh/sshd_config 中:

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

不过……您应该从安全的角度分析这些设置.我在实验室环境中设置的，所以没在意.

Though... you should analyze those settings from the security point of view. I set it in lab env, so didn't take care about it.

也不确定您是否可以通过这种方式为 Cisco ACS 修改它

Also not sure if you can modify it in this way for Cisco ACS

这篇关于paramiko 不兼容的 ssh peer(没有可接受的 kex 算法)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！