Begini memang resiko nya ketika masih punya server ssh versi jadul, kebetulan saya ada server masih menggunakan ssh versi 4.3 :
$ ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Dan ketika saya baru saja install ulang laptop saya ke Ubuntu 20.04 LTS, dan laptop saya tidak bisa ssh ke server ssh tersebut diatas. Berikut error nya :
Unable to negotiate with 192.168.0.1 port 2222 : no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Solusi nya adalah saya harus melakukan perubahan pada file ssh_config di ubuntu 20.04 LTS nya dengan konfigurasi sebagai berikut :
$ sudo gedit /etc/ssh/ssh_config
Isinya jadi seperti ini (perubahan pada tulisan berhuruf tebal saja) :
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Include /etc/ssh/ssh_config.d/*.conf
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
HostKeyAlgorithms ssh-rsa,ssh-dss
#MACs hmac-md5,hmac-sha1,hmac-ripemd160
Jadi yang berubah nya hanya baris ini saja :
- Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
- MACs hmac-md5,hmac-sha1,umac-64@openssh.com
- KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
- HostKeyAlgorithms ssh-rsa,ssh-dss
Semoga tulisan ini bisa membantu pembaca semua yang kebetulan mengalami problem seperti saya
Semoga bermanfaat untuk pembaca semua.
Dony Ramansyah
site : http://donyramansyah.net
blog : dony-ramansyah.blogspot.com
email : dony.ramansyah[at]gmail.com
Registered linux user : ID 40017
Tidak ada komentar:
Posting Komentar